Sorry for having to even create the question. The problem with the 403 error was that the test case in the Postman app on the endpoint "/test" did not have the required headers. When creating another test request with the GET method and testing again, it turned out fine. The problem was never related to spring-security.