Basic authentication doesn't work in Spring-Boot WS Soap service

Question

I have SOAP mock service with Spring WS. I'm trying to add basic http auth. I use this configuration of web-service:

@EnableWs
@Configuration
public class WebServiceConfig extends WsConfigurerAdapter {

@Bean
public ServletRegistrationBean messageDispatcherServlet(ApplicationContext applicationContext) {
    MessageDispatcherServlet servlet = new MessageDispatcherServlet();
    servlet.setApplicationContext(applicationContext);
    return new ServletRegistrationBean(servlet);
}

@Bean(name = "cards")
public Wsdl11Definition wsdlDefinition() {
    SimpleWsdl11Definition wsdl11Definition = new SimpleWsdl11Definition();
    wsdl11Definition.setWsdl(new ClassPathResource("cards.wsdl"));
    return wsdl11Definition;
}
}

and this configuration of spring-security:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
      .authorizeRequests().anyRequest().authenticated()
      .and().httpBasic()
      .and().authorizeRequests().antMatchers("*.wsdl").permitAll();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
}

but when I run spring-boot and send requests to service, it returns responses even without authentication. What I've configured wrong?

upd: Also if I run spring-boot with following changes to configuration:

//@EnableWs
@Configuration
public class WebServiceConfig extends WsConfigurerAdapter {

//@Bean
//public ServletRegistrationBean messageDispatcherServlet(ApplicationContext applicationContext) {
//    MessageDispatcherServlet servlet = new MessageDispatcherServlet();
//    servlet.setApplicationContext(applicationContext);
//    return new ServletRegistrationBean(servlet);
//}

@Bean(name = "cards")
public Wsdl11Definition wsdlDefinition() {
    SimpleWsdl11Definition wsdl11Definition = new SimpleWsdl11Definition();
    wsdl11Definition.setWsdl(new ClassPathResource("cards.wsdl"));
    return wsdl11Definition;
}
}

it works ok (requires auth for requests) but url mapping changes to [/services/*] that is not desired mapping for me. Sorry, I'm newbie with Spring.

Answer 1

try,

as @denium pointed out order matters

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
      .antMatchers("*.wsdl").permitAll()
      .anyRequest().authenticated().hasRole("USER")
      .and().httpBasic();

}