Java
Nightmare058, 2021-11-18 08:44:26

How to do authentication without using html form?

Good afternoon.
I want to make authentication so that the request comes from the front (I only do back).
So in WebSecurityConfig formLogin() doesn't work for me.
Google suggested that in this case you need to use BasicAuthenticationEntryPoint.
https://www.baeldung.com/spring-security-basic-aut...
This article shows a simple variant, but does not describe what to do with the MyBasicAuthenticationEntryPoint class.
I would be grateful if you could describe the essence or give a link to an article on this point.


2 answer(s)
sergey, 2021-11-24
@Nightmare058

Add 2 configuration classes in which you describe and implement security:

package example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  private final static String username = "admin";
  private final static String password = "password";

  @Autowired
  private BasicAuthenticationPoint basicAuthenticationPoint;

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/", "/api/**").permitAll()
        .anyRequest().authenticated();
    http.httpBasic().authenticationEntryPoint(basicAuthenticationPoint);
  }

  // https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-storage-format
  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth)
      throws Exception {
    auth.inMemoryAuthentication().withUser(username)
        .password(String.format("{noop}%s", password)).roles("USER");
  }

}

package example.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Component
public class BasicAuthenticationPoint extends BasicAuthenticationEntryPoint {
  private static final String realName = "user";

  @Override
  public void commence(HttpServletRequest request, HttpServletResponse response,
      AuthenticationException e) throws IOException {
    response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

    PrintWriter writer = response.getWriter();
    writer.println("HTTP Status 401 - " + e.getMessage());

  }

  @Override
  public void afterPropertiesSet() {
    setRealmName(realName);
    super.afterPropertiesSet();
  }


}

after that
mvn -Dmaven.test.skip=true clean spring-boot:run
curl --silent http://localhost:8080/
HTTP Status 401 - Full authentication is required to access this resource

curl --silent --user admin:wrong_password http://localhost:8080/employees

HTTP Status 401 - Bad credentials
curl --silent --user admin:password http://localhost:8080/employees

HTTP Status 200 OK
...
whatever the controller is supposed to respond with

the password is unencrypted:
Basic YWRtaW46cGFzc3dvcmQ=
echo 'YWRtaW46cGFzc3dvcmQ=' | base64 -d -
admin:password
I use this for a stub server that some other application I am debugging, for example, posts all sorts of things to, and where, for example, not everyone should be allowed in.
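An added example, not part of sergey's answer or of any project linked on this page: a variant of SecurityConfiguration that stores the password as a bcrypt hash through the delegating encoder instead of {noop}, reads the credentials from properties, keeps no session and redirects plain HTTP to HTTPS. The class name and the property names stub.auth.username and stub.auth.password are assumptions; it targets Spring Security 5.x like the answer, replaces SecurityConfiguration rather than sitting beside it, and assumes TLS is configured on the server.

```java
package example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class HardenedSecurityConfiguration extends WebSecurityConfigurerAdapter {

  // Assumed property names; supply them from the environment, not from source.
  @Value("${stub.auth.username}") private String username;
  @Value("${stub.auth.password}") private String password;
  @Autowired
  private BasicAuthenticationPoint basicAuthenticationPoint;

  @Bean
  public PasswordEncoder passwordEncoder() {
    // Delegating encoder: new hashes are stored as "{bcrypt}..." instead of "{noop}...".
    return PasswordEncoderFactories.createDelegatingPasswordEncoder();
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Basic credentials are only Base64-encoded: redirect plain-HTTP requests to HTTPS.
    http.requiresChannel().anyRequest().requiresSecure();
    // No server-side session: every request must carry the Authorization header.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();
    // Same matchers and entry point as in the answer above.
    http.authorizeRequests().antMatchers("/", "/api/**").permitAll()
        .anyRequest().authenticated();
    http.httpBasic().authenticationEntryPoint(basicAuthenticationPoint);
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    PasswordEncoder encoder = passwordEncoder();
    auth.inMemoryAuthentication().passwordEncoder(encoder)
        .withUser(username).password(encoder.encode(password)).roles("USER");
  }
}
```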

Orkhan Hasanly, 2021-11-18
@azerphoenix

I want to make authentication so that the request comes from the front (I only do back).

In essence, you are writing a REST service, and accordingly, you need to add authentication using JWT.
Here is a sample application - https://github.com/hantsy/spring-webmvc-jwt-sample
You can read it here:
https://www.bezkoder.com/spring-boot-security-post...
