SpringBoot版本：2.7.5

在Security核心配置类  SecurityConfig  中的  SecurityFilterChain 下的拦截规则哪里添加

.antMatchers("/avatar/*").authenticated()

注意：白名单中也要有需要放行路径

//白名单
private static final String[] URL_WHITELIST = {
            "/login",
            "/logout",
            "/avatar/*"
};

@Bean
public SecurityFilterChain SecurityFilterChain(HttpSecurity http) throws Exception {
    http
       ...

       // 配置拦截规则
       .and()
       .authorizeRequests()
       .antMatchers("/avatar/*").authenticated()
       .antMatchers(URL_WHITELIST).permitAll()   //白名单放行
       .anyRequest().authenticated()
       ...
   return ();
}