Issue with configuring SpringSecurity to allow URLs in FilterChain

Question

I'm using spring boot v3.2.3 with the following dependencies

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
        </dependency>

Here my securiy config

@Configuration
public class SecurityConfig {


    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authorize -> authorize
                        .requestMatchers("swagger-ui/**", "/v3/api-docs/**", "/test").permitAll()
                        .anyRequest().authenticated())
                .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));

        return http.build();
    }

The problem is that I need to send an authorization header even for the url /test ! otherwise we get 401 error

Note: I'm able to access my swagger-ui by adding requestMatchers("swagger-ui/**", "/v3/api-docs/**").permitAll()

Why the /test url require a bearer token ? something is missing ?

// application.yml
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: <sso-issuer-url>
          audiences: <audience>