Spring Boot 配置了 permitAll 仍然响应 401 Unauthorized

示例 Controller 如下:

package com.delivery.orders

import org.springframework.web.bind.annotation.*

@RestController
@RequestMapping("/order")
class OrderController(val orderRepository: OrderRepository) {
    @GetMapping
    fun findOrdersByUser(): Iterable<ViewOrder> = orderRepository.findAll().map { it.toView() };

    @GetMapping("/hi")
    fun hi(): String = "Cool";

    //    @PostMapping
    //    fun create(@RequestBody createOrder: CreateOrder): ViewOrder =
    //        orderRepository.save(Order(name = createOrder.name)).toView()
}

访问 api/v1/order/hi 时,返回 401 Unauthorized

SpringSecurity 中已经设置了 permitAll

package com.delivery.config


import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

@Configuration
@EnableWebSecurity
class SecurityConfig() {

    fun configure(http: HttpSecurity): SecurityFilterChain {
        http
            .authorizeHttpRequests { auth ->
                auth.anyRequest().permitAll()
            }

        //        http.authorizeHttpRequests { auth ->
        //            auth
        //                .requestMatchers("/api/v*/auth/**", "/auth/**").permitAll()
        //                .anyRequest().authenticated()
        //        }

        // http.addFilterBefore(firebaseTokenFilter, UsernamePasswordAuthenticationFilter::class.java)
        return http.build()
    }
}

有人能帮我看看吗?