I have the code below for the main controller, but when I try to test it with Postman I get a 404 error and a Forbidden error.
package com.auto.website.controllers;
import java.security.Principal;
import java.util.Date;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import jakarta.validation.Valid;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import com.auto.website.models.User;
import com.auto.website.services.UserService;
import com.auto.website.Validator.UserValidator;
//HELP
// /questions/74907533/the-method-antmatchersstring-is-undefined-for-the-type
// /questions/74683225/updating-to-spring-security-6-0-replacing-removed-and-deprecated-functionality
// https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
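@Controller
public class MainController {

    private final UserService userService;
    private final UserValidator userValidator;

    public MainController(UserService userService, UserValidator userValidator) {
        this.userService = userService;
        this.userValidator = userValidator;
    }

    /**
     * Validates the submitted user, creates the account and logs the new user in.
     *
     * @return the login view when validation fails, otherwise a redirect to "/"
     */
    // NOTE(review): request parameters are bound straight onto the User model. If User
    // has setters for fields such as its id or roles, a client could supply them; confirm
    // that userService.newUser() overwrites the roles, or bind to a dedicated form object.
    @RequestMapping("/register")
    public String registration(
            @Valid @ModelAttribute("user") User user,
            BindingResult result,
            Model model,
            HttpSession session,
            HttpServletRequest request) {
        userValidator.validate(user, result);
        // Keep the submitted password for the automatic login below; presumably
        // newUser() replaces it on the user object with its encoded form.
        String password = user.getPassword();
        if (result.hasErrors()) {
            return "loginPage.jsp";
        }
        // The first account ever created becomes SUPER ADMIN.
        // NOTE(review): the count check and the insert are separate calls, so two
        // registrations arriving together on an empty database could both receive
        // ROLE_SUPER_ADMIN. Seeding the first admin outside this endpoint avoids that.
        if (userService.allUsers().size() == 0) {
            userService.newUser(user, "ROLE_SUPER_ADMIN");
        } else {
            userService.newUser(user, "ROLE_USER");
        }
        // Log the new user in with the password captured before newUser() ran.
        authWithHttpServletRequest(request, user.getEmail(), password);
        return "redirect:/";
    }

    /**
     * Logs a newly registered user in through the servlet container.
     * A failed login is reported on standard output and otherwise ignored, so the
     * caller continues with its redirect.
     */
    public void authWithHttpServletRequest(HttpServletRequest request, String email, String password) {
        try {
            request.login(email, password);
        } catch (ServletException e) {
            System.out.println("Error while login: " + e);
        }
    }

    /**
     * Upgrades the user with the given id, then redirects to the home page.
     * Only a caller holding an admin role may perform the upgrade.
     */
    // NOTE(review): @RequestMapping without a method maps every HTTP verb, so this
    // state change can be triggered by a GET, which CSRF protection does not cover.
    // Restrict it to POST once the views submit a form.
    @RequestMapping("/admin/{id}")
    public String makeAdmin(Principal principal, @PathVariable("id") Long id, Model model) {
        if (principal == null) {
            return "redirect:/login";
        }
        // Being logged in is not enough: check the caller's role here as well,
        // so the action does not depend on the URL rules alone.
        if (!callerIsAdmin(principal)) {
            return "redirect:/home";
        }
        User user = userService.findById(id);
        if (user != null) {
            userService.upgradeUser(user);
        }
        model.addAttribute("users", userService.allUsers());
        return "redirect:/home";
    }

    /**
     * Shows the login page, with a message after a failed login or a logout.
     */
    @RequestMapping("/login")
    public String login(
            @ModelAttribute("user") User user,
            @RequestParam(value="error", required=false) String error,
            @RequestParam(value="logout", required=false) String logout,
            Model model) {
        if (error != null) {
            model.addAttribute("errorMessage","Invalid Credentials, Please try again.");
        }
        if (logout != null) {
            model.addAttribute("logoutMessage","Logout Successful!");
        }
        return "loginPage.jsp";
    }

    /**
     * Landing page: records the login time and sends admins to the admin page.
     * Anonymous callers are redirected to the login page.
     */
    @RequestMapping(value={"/", "/home"})
    public String home(Principal principal, Model model) {
        if (principal == null) {
            return "redirect:/login";
        }
        String email = principal.getName();
        User user = userService.findByEmail(email);
        model.addAttribute("user", user);
        if (user != null) {
            user.setLastLogin(new Date());
            userService.updateUser(user);
            // ADMIN and SUPER_ADMIN users get the admin page. Every role is checked,
            // not only the first one, and a user without roles is treated as a normal user.
            if (hasAdminRole(user)) {
                model.addAttribute("currentUser", userService.findByEmail(email));
                model.addAttribute("users", userService.allUsers());
                return "adminPage.jsp";
            }
        }
        // All other users see the home page.
        return "home.jsp";
    }

    /**
     * Deletes the user with the given id, then redirects to the home page.
     * Only a caller holding an admin role may delete a user.
     */
    // NOTE(review): mapped for every HTTP verb, so a GET can delete a user and CSRF
    // protection does not apply to it. Restrict it to POST once the views submit a form.
    @RequestMapping("/delete/{id}")
    public String deleteUser(Principal principal, @PathVariable("id") Long id, HttpSession session, Model model) {
        if (principal == null) {
            return "redirect:/login";
        }
        // Without this check any logged-in user could delete any account by id.
        if (!callerIsAdmin(principal)) {
            return "redirect:/home";
        }
        User user = userService.findById(id);
        if (user != null) {
            userService.deleteUser(user);
        }
        model.addAttribute("users", userService.allUsers());
        return "redirect:/home";
    }

    // Looks up the logged-in caller by e-mail and reports whether they hold an admin role.
    private boolean callerIsAdmin(Principal principal) {
        return hasAdminRole(userService.findByEmail(principal.getName()));
    }

    // True when any of the user's roles is ROLE_SUPER_ADMIN or ROLE_ADMIN.
    private static boolean hasAdminRole(User user) {
        if (user == null || user.getRoles() == null) {
            return false;
        }
        return user.getRoles().stream()
                .map(role -> role.getName())
                .anyMatch(name -> "ROLE_SUPER_ADMIN".equals(name) || "ROLE_ADMIN".equals(name));
    }
}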
I also have a security config file. I don't know whether the problem comes from the MainController or from the Spring Security file.
package com.auto.website.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
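@Configuration
public class WebSecurityConfig {

    // NOTE(review): nothing in this class assigns this field (no constructor, no
    // @Autowired), so it is null unless something outside this file sets it.
    private UserDetailsService userDetailsService;

    @Autowired HandlerMappingIntrospector introspector;

    /** Password encoder bean; passwords are hashed with BCrypt. */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the URL authorization rules, the form login and the logout handling.
     * CSRF protection is not configured here, so it stays at the framework default.
     */
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
        http
            .authorizeHttpRequests(
                auth -> auth.requestMatchers(
                        new MvcRequestMatcher(introspector, "/css/**"),
                        new MvcRequestMatcher(introspector, "/js/**"),
                        new MvcRequestMatcher(introspector, "/register"),
                        new MvcRequestMatcher(introspector, "/login")
                    ).permitAll()
                    .requestMatchers(
                        // "/delete/**" covers "/delete/{id}"; the former pattern "/delete/"
                        // did not, so deletes fell through to the permitAll() rule below.
                        new MvcRequestMatcher(introspector, "/delete/**"),
                        new MvcRequestMatcher(introspector, "/admin/**")
                    ).hasAnyRole("SUPER_ADMIN", "ADMIN")
                    .requestMatchers(new MvcRequestMatcher(introspector, "/home")).authenticated()
                    // NOTE(review): the fallback is fail-open. Any route not listed above,
                    // including "/", is reachable without logging in as far as this chain is
                    // concerned. Prefer authenticated() as the fallback once every public
                    // resource (including the JSP views) is listed explicitly.
                    .anyRequest().permitAll()
            )
            .formLogin(
                form -> form.loginPage("/login")
                    .usernameParameter("email") // Use email instead of userName for login purposes
                    .permitAll()
            )
            .logout(
                logout -> logout.permitAll()
            );
        return http.build();
    }

    /**
     * Registers the user details service and the BCrypt encoder on the given builder.
     */
    // NOTE(review): this method carries no annotation and nothing in this file calls it,
    // and userDetailsService is never assigned here. Confirm how authentication is
    // actually wired before relying on this method.
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }
}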
This is the security file. I can post the other files if needed. I need help as soon as possible.