Spring Security CSRF disable is not working

Question

I want to protect /actuator/shutdown endpoint with Basic auth. I have an implementation of UserDetailsService and my security class looks like this:

@Configuration
public static class ActuatorWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

  @Autowired
  UserProvider userProvider;

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(new UserDetailsServiceCustom(userProvider)).passwordEncoder(new BCryptPasswordEncoder(12));
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
       .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.authorizeRequests()
       .antMatchers("/actuator/shutdown").authenticated().and().httpBasic();
  }
}

I enabled shutdown endpoint like this in properties:

management:
  endpoints:
    web:
      exposure:
        include: shutdown
  endpoint:
    shutdown:
      enabled: true

When I perform POST /actuator/shutdown I receive 403 FORBIDDEN and with debugger I see that UserDetailsServiceCustom method is not triggered at all, but if I try GET /actuator/shutdown I receive 405 and method in UserDetailsServiceCustom is triggered properly, so it means that I can access this endpoint but something stands in a way of POST. I googled a lot and found out that it's because of CSRF but as you can see I've disabled it already. I also tried to add web.ignoring().antMatchers("/actuator/shutdown") but this way anyone can access this endpoint.

So my question is how to enable Basic Authentication that uses my database users for this endpoint?

UPDATE Okay so the problem was not with the HttpSecurity config or CSRF but with how I incorrectly implemented multiple HttpSecurity