Java authorizeRequests().permitAll() not working

Using the code from the Quickstart guide and running into issues.

public class SecurityConfig extends WebSecurityConfigurerAdapter {
	protected void configure(HttpSecurity http) throws Exception {
				//.mvcMatchers(HttpMethod.GET, "/api/menu/items/**").permitAll() // GET requests don't need auth
				.permitAll() // Allow webhook calls

My understanding is this should allow calls to /webhook to pass freely, but it’s not working as expected. My webhook calls are getting authenticated and throwing 401 errors. What’s wrong?