filter is applied to paths that should be allowed in http security configuration with new SS 6.4.3

[gigi888]

Describe the bug
this is how I configure http security using the SS 6.4.3

  @Bean
  open fun securityFilterChain(http: HttpSecurity, authManager: AuthenticationManager): SecurityFilterChain {
    http {
      authorizeHttpRequests {
        authorize(HttpMethod.OPTIONS, "/**", permitAll)
         authorize(HttpMethod.GET, "/swagger-ui.html", permitAll)       
        authorize(anyRequest, authenticated)
      }
      csrf { disable() }
      sessionManagement {
        sessionCreationPolicy = SessionCreationPolicy.STATELESS
      }
      addFilterBefore<AuthorizationFilter>(MyFilter(processor, authManager))
    }
    return http.build()
  }

even though '/swagger-ui.html' is configured to skip authentication, MyFilter is found applied to /swagger-ui.html. It was not the case with SS 5.4

To Reproduce
Steps to reproduce the behavior.

Expected behavior
filter added later should NOT be applied to paths configured with permitAll

Sample

A link to a GitHub repository with a minimal, reproducible sample.

Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.