java - Spring returns 403 on POST and PUT and 401 on GET - Stack Overflow

I try to use Swagger with my GET, POST and PUT endpoints. When I try to trigger the GET endpoint without authentication it returns 401, but POST and PUT return 403. Why is that so different? I would like all of them to return 401 if there is no authentication. Here is my controller

@Controller
@RequestMapping(value = {"/abc"}, produces = {"application/json"})
public class MyController {

  @ApiOperation(value = "Create", notes = "", response = Dto.class, authorizations = {
      @Authorization(value = "oauth2schema", scopes = {
          @AuthorizationScope(scope = "read", description = "read")
      })
  }, tags = {})
  @RequestMapping(value = "/v1",
      produces = {"application/json"},
      method = RequestMethod.POST)
  public ResponseEntity<Dto> create(
      @ApiParam(value = "") @RequestBody Dto dto) {
    return ...;
  }

  @ApiOperation(value = "Get", notes = "", response = Dto.class, authorizations = {
      @Authorization(value = "oauth2schema", scopes = {
          @AuthorizationScope(scope = "read", description = "read")
      })
  }, tags = {})
  @RequestMapping(value = "/v1",
      produces = {"application/json"},
      method = RequestMethod.GET)
  public ResponseEntity<Dto> get() {
    return ... ;
  }
}

Then I have some auth settings

@Configuration
@EnableWebSecurity
@EnableDiscoveryClient
public class SecurityConfig {

  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .authorizeRequests()
        .antMatchers("/metrics").permitAll()
        .antMatchers("/health").permitAll()
        .antMatchers("/info").permitAll()
        .antMatchers("/swagger.json").permitAll()
        .antMatchers("/abc/**").authenticated()
        .and()
        .exceptionHandling()
        .and()
        .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
    // @formatter:on
    return http.build();
  }
}