Spring Security PermiAll doesn't work when integration with CAS

here is my configuration

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().authenticated()
            .antMatchers("/js/**").permitAll()
         .and()
            .logout().permitAll()
         .and()
            .formLogin();

        http.exceptionHandling().authenticationEntryPoint(getCasAuthenticationEntryPoint())
            .and()
            .addFilter(casAuthenticationFilter())
            .addFilterBefore(casLogoutFilter(), LogoutFilter.class)
            .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
    }

with the instruction .antMatchers("/js/**").permitAll() I want to bypass the authentication to resources under path /js/, such as http://localhost:8080/js/app.js, but it didn't work, it redirect to the CAS server for authentication. is there anything wrong.

Comment From: eleftherias

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.