I found a way to solve it.

I permitted all requests to come in, in the security configuration class. Then annotated all the methods by @PreAuthorize("isAuthenticated()") which need to be protected. Then the method that should be accessible without authentication , left it without adding the mentioned annotation.