Spring security failed when accessing through spring gateway

Question

I have a problem when i define my custom routes in apigateway my security stop working on the secure microservice. It lets the communication go tru even when i have secure the path.

My question is, is it some thing that has to do with spring or am'I doing somethine wrong?

I still need to add the a filter in my Gateway to filter the communication path to check is the JWT token is valid with the right secret.

Here is my Security Configuration on the Secure Microservice.

package com.streetrecruit.usermc.security;

import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private final UserDetailsService userDetailsService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;
    private final Environment env;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeRequests().antMatchers("/**").hasIpAddress(env.getProperty("gateway.ip"));
        http.authorizeRequests().antMatchers(
                "/api/login/**",
                "/user/save/**",
                "/user/role/addtouser/**").permitAll();
        http.authorizeRequests().antMatchers(HttpMethod.GET,"/user/{username}/**").hasAnyAuthority("ADMIN");
        http.authorizeRequests().anyRequest().authenticated();
        http.addFilter(authenticationFilter());
        http.addFilterBefore(authorizationFilter(), UsernamePasswordAuthenticationFilter.class);
        http.httpBasic();
    }
    private CustomAuthenticationFilter authenticationFilter() throws Exception {
        CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter(authenticationManagerBean(),env);
        customAuthenticationFilter.setFilterProcessesUrl("/api/login");
        return customAuthenticationFilter;
    }

    private CustomAuthorizationFilter authorizationFilter(){
        CustomAuthorizationFilter customAuthorizationFilter = new CustomAuthorizationFilter(env);
        return customAuthorizationFilter;
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean()throws Exception{
        return super.authenticationManagerBean();
    }


}

And this is my apigateway Customroutes.

package com.streetrecruit.apigateway;

import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class GatewayRouteConfiguration {

    @Bean
    public RouteLocator gatewayRoute(RouteLocatorBuilder builder,AuthorizationFilter authorizationFilter){

        return builder.routes()
                .route(p -> p.path("/user-mc/user/{username}")
                        .filters(f->f.rewritePath("/user-mc/(?<segment>.*)", "/$\\{segment}"))
                        .uri("lb://user-mc"))
                .route(p -> p.path("/user-mc/api/login")
                        .filters(f->f.rewritePath("/user-mc/(?<segment>.*)", "/$\\{segment}"))
                        .uri("lb://user-mc"))
                .route(p -> p.path("/user-mc/user/role/addtouser")
                        .filters(f->f.rewritePath("/user-mc/(?<segment>.*)", "/$\\{segment}"))
                        .uri("lb://user-mc"))
                .route(p -> p.path("/user-mc/user/save")
                        .filters(f->f.rewritePath("/user-mc/(?<segment>.*)", "/$\\{segment}"))
                        .uri("lb://user-mc"))
                .build();
    }
}

Im trying to access this path. See it's giving me the results even without the Authorization token (this supposed to be secure)

Postman picture of request