Spring

How to properly add front to spring boot rest api?

Developed an API. Requests for specific resources:

/api/auth/register
/api/auth/verify
/api/auth/login
/api/users
/api/users/{id}/shelves
/api/shelves/{id}/books
/api/books/{id}/wish
и т.д.

handle rest controllers.

Requests go to localhost:8080/api (data is received and returned in JSON). After a successful login, a JWT is issued, which should be used in requests to other rest controllers ("/api/users", "/api/shelves", etc.).
All controllers except Auth require a JWT.

Now I decided to add a front. I'm thinking of implementing this as a SPA on Vue.js
What I did: put index.html in the /resources/templates folder, put /css/main.css and /js/main.js in /resources/static.
Added a regular controller:

@Controller
public class IndexController {

    @GetMapping("/")
    public String index() {
        return "index";
    }
}

The main page (localhost:8080) loaded, but the JS and styles didn't (401 errors). As I understand it, this is due to the WebSecurityConfig settings.

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().and().cors().and().csrf().disable()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().antMatchers("/api/auth/*").permitAll()
                .antMatchers("/", "/resources/**").permitAll()
                .anyRequest().authenticated();

        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }

Please help me figure out what needs to be changed so that the resources start loading?
How does access control work in general? Does order matter? Where is it written in plain language?