Configuring the endpoint authorization in Spring Security without extending the WebSecurityConfigurerAdapter class