HttpSecurity and antMatchers()

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .authorizeRequests()
    .antMatchers("/users/detail").authenticated()
    .antMatchers(HttpMethod.POST, "/users").authenticated()
    .anyRequest().permitAll();
}

object of "HttpSecurity" class  "http" given to configure() method is used to configure
several aspect of security for the http requests.
Using the HttpSecurity you can set the authentication and authorization level security for
different URLs and different roles.
Here, the first method authorizeRequests() returns the object and on that you can call
antMatchers() method.

antMatchers("/users/detail").authenticated()
Above call specifies that each request for "users/detail" must be authenticated.

antMatchers(HttpMethod.POST, "/users").authenticated()
above call specifies that each POST call for the /users must be authenticated.

anyRequest().permitAll()
above call specifies that all the rest of URL request will be allowed or permitted the access.

antMatchers("/reports/**").authenticated();
as given above we can also apply the (Ant style wildcarding) wildcard pattern in the URL value.

.regexMatchers("/reports/.*").authenticated();
as given above you can also use the regex pattern which is similar to the antMatchers("/reports/**").authenticated();

antMatchers("/reports/**", "/data/**",).authenticated();
you can also provide multiple URL as given above.