Multiple Authentication Methods with okta-spring-boot

I am creating an API that is mostly secured with the Okta spring boot starter. However, I also have an endpoint that I want to be secured by Basic Auth instead of OAuth2 (or at least have it be an option).

Most Spring Security documentation indicates that I should create two WebSecurityConfigurerAdapter classes, and that the last one indicated by @Order will be the fallback. This seems to work as expected when okta-spring-boot isn’t included, but it appears that the autoconfiguration applies globally to all authenticated requests.

Here is an example of something I expected to work, but does not (the endpoint rejects requests without a valid bearer token):

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

import com.okta.spring.boot.oauth.Okta;

@Configuration
public class SecurityConfig {

  // Chain 1: matches only /actuator/refresh. HTTP Basic, stateless, no CSRF or form login.
  @Order(1)
  @Configuration
  public static class RefreshSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http
               .antMatcher("/actuator/refresh")
               .csrf().disable()
               .formLogin().disable()
               .httpBasic().and()
               .authorizeRequests()
               .anyRequest().authenticated().and()
               .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
  }

  // Chain 2: fallback for every other request. OAuth2 resource server via the Okta starter.
  @Order(2)
  @Configuration
  public static class EndpointSecurity extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http
               .authorizeRequests()
               .anyRequest().authenticated();

       // Okta helper that sets the JSON body returned with a 401 from the resource server chain.
       Okta.configureResourceServer401ResponseBody(http);
    }
  }
}

Is there some configuration I can add to the first WebSecurityConfigurerAdapter to disable the BearerTokenAuthenticationFilter in that filter chain?
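The following is an added example, not code from the original post and not the Okta starter's own code. It shows the same two-chain layout with one change a practitioner should check first: the HTTP Basic chain gets its own users through an override of `configure(AuthenticationManagerBuilder)`. Spring Boot's auto-configured default user (`UserDetailsServiceAutoConfiguration`) backs off as soon as a `JwtDecoder` bean exists, and the Okta starter supplies one, so a Basic chain that relies on the default user has nobody to authenticate against and every Basic request ends in 401. Whether that is what the poster is seeing, the thread does not say. Assumed here: Spring Boot 2.x with Spring Security 5.x (`WebSecurityConfigurerAdapter` still present), the okta-spring-boot starter on the classpath, and the property names `refresh.auth.username` and `refresh.auth.password`, which are placeholders chosen for this example. This does not remove the starter's bearer-token filter from the first chain; it only stops the Basic path from depending on auto-configured users.

```java
// Added example (not from the original post or the Okta project).
// Assumes Spring Boot 2.x / Spring Security 5.x and the okta-spring-boot starter.
// Property names refresh.auth.username / refresh.auth.password are placeholders.
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.okta.spring.boot.oauth.Okta;

@Configuration
public class MultiChainSecurityConfig {

    /**
     * Chain 1: only /actuator/refresh, HTTP Basic, stateless.
     * Overriding configure(AuthenticationManagerBuilder) gives this adapter a
     * local AuthenticationManager, so it does not depend on Spring Boot's default
     * in-memory user, which is not created when a JwtDecoder bean (supplied by the
     * Okta starter) is present.
     */
    @Order(1)
    @Configuration
    public static class RefreshSecurity extends WebSecurityConfigurerAdapter {

        @Value("${refresh.auth.username}")   // placeholder property, read from config, never hard-coded
        private String username;

        @Value("${refresh.auth.password}")   // placeholder property
        private String password;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // Delegating encoder stores {bcrypt}... so the hash format is explicit.
            PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
            auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser(username)
                .password(encoder.encode(password))
                .roles("ACTUATOR");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/actuator/refresh")
                .csrf().disable()
                .formLogin().disable()
                .httpBasic().and()
                .authorizeRequests()
                    // ROLE_ACTUATOR exists only in the in-memory store above; a JWT
                    // principal from the Okta chain carries SCOPE_* authorities, not
                    // this role, so a bearer token cannot trigger a refresh here.
                    // Use .authenticated() instead if bearer should remain an option.
                    .anyRequest().hasRole("ACTUATOR").and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
    }

    /** Chain 2: fallback for everything else, Okta-backed OAuth2 resource server. */
    @Order(2)
    @Configuration
    public static class EndpointSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                .anyRequest().authenticated();

            Okta.configureResourceServer401ResponseBody(http);
        }
    }
}
```

To check which chain handled a request, call the refresh endpoint once with `curl -u <user>:<pass> -X POST http://localhost:8080/actuator/refresh` and once with an `Authorization: Bearer` header, and compare the status codes and the 401 body: the Okta helper's JSON body on the second chain makes it easy to tell the two apart. Raising the logging level of `org.springframework.security` to DEBUG also prints which `SecurityFilterChain` matched each request.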

I don’t mean to be mean, but it’s more of a Spring-related question. I’d suggest trying their forums.
