.antMatchers().permitAll() parece não funcionar

Habilitei spring-security em meu projeto, e agora todas as API precisa de autenticação, perfeito era isso que eu precisava.

Porem quero que apenas uma API não precise de autenticação. Tentei utilizar .authorizeRequests() .antMatchers(HttpMethod.GET, "/usuario/informacoes/**") .permitAll()

mas isso não funciona e continuo recebendo:

This XML file does not appear to have any style information associated with it. The document tree is shown below. <oauth> <error_description> Full authentication is required to access this resource </error_description> <error>unauthorized</error> </oauth> 

Estou com o seguinte codigo:

WebSecurityConfigurerAdapter

 import org.springframework.context.annotation.Bean; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;    @EnableWebSecurity @EnableAuthorizationServer @EnableResourceServer @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter {      @Bean     @Override     protected AuthenticationManager authenticationManager() throws Exception {         return super.authenticationManager();     }      protected void configure(HttpSecurity http, WebSecurity web) throws Exception {         http             .authorizeRequests()             .antMatchers(HttpMethod.GET, "/usuario/informacoes/**")             .permitAll()             .anyRequest().authenticated()             .and().csrf().disable();     }      @Override     public void configure(WebSecurity web) throws Exception {         web             .ignoring().antMatchers("/favicon.ico");     }      @Bean     public PasswordEncoder passwordEncoder() {         return new BCryptPasswordEncoder();     }  } 

API

@RestController @RequestMapping("/usuario")  @RequestMapping(value = "/informacoes/{id}", method = RequestMethod.GET)     public ResponseEntity<Object[]> informacoesUsuario(@Valid @PathVariable("id") Long id) throws Exception {          Object[] response = usuarioServices.informacoesUsuario(id);          return ResponseEntity.status(HttpStatus.OK).body(response);     } 

pom.xml

<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">     <modelVersion>4.0.0</modelVersion>     <parent>         <groupId>org.springframework.boot</groupId>         <artifactId>spring-boot-starter-parent</artifactId>         <version>2.1.5.RELEASE</version>         <relativePath/> <!-- lookup parent from repository -->     </parent>     <groupId>com.mfac</groupId>     <artifactId>mfac</artifactId>     <version>0.0.1-SNAPSHOT</version>     <name>mfac</name>     <description>mfac - rest</description>      <properties>         <java.version>12</java.version>     </properties>      <dependencies>          <!-- Segurança | Início -->         <dependency>             <groupId>org.springframework.boot</groupId>             <artifactId>spring-boot-starter-oauth2-client</artifactId>         </dependency>         <dependency>             <groupId>org.springframework.boot</groupId>             <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>         </dependency>         <dependency>             <groupId>org.springframework.boot</groupId>             <artifactId>spring-boot-starter-security</artifactId>         </dependency>          <dependency>             <groupId>org.springframework.security.oauth.boot</groupId>             <artifactId>spring-security-oauth2-autoconfigure</artifactId>             <version>2.1.4.RELEASE</version>         </dependency>                 <!-- Segurança | Fim -->             <dependency>             <groupId>org.springframework.boot</groupId>             <artifactId>spring-boot-starter-data-jpa</artifactId>         </dependency>           <dependency>             <groupId>org.springframework.boot</groupId>             <artifactId>spring-boot-starter-web</artifactId>         </dependency>          <dependency>             <groupId>org.springframework.boot</groupId>             <artifactId>spring-boot-devtools</artifactId>             <scope>runtime</scope>         </dependency>         <dependency>             <groupId>mysql</groupId>             <artifactId>mysql-connector-java</artifactId>             <scope>runtime</scope>         </dependency>         <dependency>             <groupId>org.springframework.boot</groupId>             <artifactId>spring-boot-starter-test</artifactId>             <scope>test</scope>         </dependency>         <dependency>             <groupId>org.springframework.security</groupId>             <artifactId>spring-security-test</artifactId>             <scope>test</scope>         </dependency>     </dependencies>      <build>         <plugins>             <plugin>                 <groupId>org.springframework.boot</groupId>                 <artifactId>spring-boot-maven-plugin</artifactId>             </plugin>         </plugins>     </build>  </project>