It's possible to use the annotation: @Secured() in my method to secure instead: @Override protected void configure(final HttpSecurity http) throws Exception { super.configure(http); http .authorizeRequests() .antMatchers("/estado/*").hasRole("CARTORIO") .antMatchers("/natureza/*").hasRole("CLIENTE") .anyRequest().permitAll(); } tks