Below code also not working for me.

.authorizeHttpRequests(authorizeRequests -> authorizeRequests .requestMatchers("/api/createUser/**").hasRole("ADMIN") .requestMatchers("/api/login/**").hasRole("USER") .requestMatchers("/api/**").authenticated()