Erro ao executar a aplicação | Spring MVC: autenticação com Spring Security, API Rest e AJAX

Ao tentar levantar a aplicação, estou levando os seguintes erros:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: permitAll only works with HttpSecurity.authorizeRequests()

Caused by: java.lang.IllegalStateException: permitAll only works with HttpSecurity.authorizeRequests()

Segue conteúdo do pom:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.6.6</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>
    <groupId>br.com.alura.mvc</groupId>
    <artifactId>mudi</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>mudi</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>        
        <!-- apenas necessário a partir do spring 2.3 -->
        <dependency>
              <groupId>org.springframework.boot</groupId>
              <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>        
        <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        </dependency>        
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

Conteúdo de WebSecurityConfig:

package br.com.alura.mvc.mudi;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests()
            .anyRequest().authenticated()
        .and()
            .formLogin(form -> form    .loginPage("/login").permitAll()                    
            );
    }    
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        UserDetails user =
             User.withDefaultPasswordEncoder()
                .username("marcio")
                .password("marcio")
                .roles("ADM")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}

Conteúdo de login.html

<html>
    <head th:replace="~{base :: head}"></head>
    <body>    
        <div th:replace="~{base :: logo('login')}"></div>
        <!-- CONTAINER -->
        <div class="container">            
            <div th:replace="~{base :: titulo('Login')}"></div>                                
            <!-- CARD -->        
            <div class="card mb-3" >
                <form th:action="@{/login}" class="card-body" method="post">
                    <div class="form-group">
                        <label for=""username"">Usuário</label>
                        <input name="username" class="form-control"  type="text" placeholder="Insira seu uruário">    
                    </div>
                    <div class="form-group">
                        <label for="password">Senha</label>
                        <input name="password" class="form-control"  type="password" placeholder="Insira sua senha">
                    </div>
                    <button class="btn btn-primary mt-3" type="submit">Autenticar</button>
                </form>            
            </div>                    
        </div>        
    </body>
</html>

Abraços!