Spring Security Query on documentation related to dealing with Static Resource (e.g css)

Spring Boot: v3.1.4

Hi all, I notice that in the official spring security documentation Favor permitAll over ignoring it mentions

http
    .authorizeHttpRequests((authorize) -> authorize
        .requestMatchers("/css/**").permitAll()
        .anyRequest().authenticated()
    )

I configure the same way, and try access http://localhost:8080/css/demo.css, but result in "No mapping for GET /css/demo.css". My project structure for static resource is resources/static/css/demo.css

To resolve the "No Mapping for GET" error, i add the below, and there is NO NEED to even add the aforementioned code to permitAll for the css.

@Configuration
public class DemoSecurityConfig  extends WebMvcConfigurationSupport {


   ....
 private static final String[] CLASSPATH_RESOURCE_LOCATIONS = {
            "classpath:/META-INF/resources/", "classpath:/resources/",
            "classpath:/static/", "classpath:/public/" };

    @Override
    protected void addResourceHandlers(ResourceHandlerRegistry registry) {
        if (!registry.hasMappingForPattern("/webjars/**")) {
            registry.addResourceHandler("/webjars/**").addResourceLocations(
                    "classpath:/META-INF/resources/webjars/");
        }
        if (!registry.hasMappingForPattern("/**")) {
            registry.addResourceHandler("/**").addResourceLocations(
                    CLASSPATH_RESOURCE_LOCATIONS);
        }
    }

So my question is: Why does the documentation never mentions about writing the addResourceHandler code to deal with static resources. And if I follow the documentation to add the permitAll for the css, without the addResourceHandler code, error persist. Is the spring security documentation correct or complete, when it comes to handling static resource?

Comment From: hannah23280

Close this, as it is shifted to spring boot github