Spring Security keeps asking for login when using RequestParam

I'm trying to build a backend part of my app and I want to use rest controllers and secure them with spring security.
This is the config:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().configurationSource(corsConfigurationSource()).and().csrf().
                disable()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic();
    }

I also have two controllers:

@GetMapping(path = "/testOFWork")
    public AuthBean test() {
        System.out.println("worked");
        return new AuthBean("You are authenticated already");
    }

@GetMapping(path = "/getUserInfo")
    public User getInfo(@RequestParam(value = "username") String user) {
        return dao.getByUserName(user);
    }

The first one is working perfectly. When I try to reach it: spring asks me to log in. I do it and it shows me a message.
But when I'm trying to get to the second one it just keeps asking me for a login. And if I try to go to the first one, which worked perfectly fine it asks me to login again.
Experimentally I've figured out that RequestParam causes this problem.
I understand that the problem may be in the configuration itself, but I can't get It.

Thanks for the response in advance!"

EDIT
Here is full config class:

@Autowired
    UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().configurationSource(corsConfigurationSource()).and().csrf().
                disable()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic();
    }


    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        List<String> allowOrigins = Arrays.asList("*");
        configuration.setAllowedOrigins(allowOrigins);
        configuration.setAllowedMethods(singletonList("*"));
        configuration.setAllowedHeaders(singletonList("*"));
        //in case authentication is enabled this flag MUST be set, otherwise CORS requests will fail
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

You are telling to your spring security to check if user is authenticated for any request in .antMatchers(HttpMethod.OPTIONS, "/**").

EDIT

Your code should look like this:

 http.authorizeRequests()
          .antMatchers("/securityNone").permitAll()
          .anyRequest().authenticated()
          .and()
          .httpBasic()
          .authenticationEntryPoint(authenticationEntryPoint);
 
        http.addFilterAfter(new CustomFilter(),
          BasicAuthenticationFilter.class);

You need to separate the not secured access from the secured one