How does security filter works? (java config)

I am having problem with my java config spring mvc application. I have access control rule in my WebSecurityConfigurerAdapter, but when I make request to my application, the security filter does not seem to be check, and my request just pass through without any authentication.

so, I would like to understand how my rules are being applied to the filter chain, by what class, which method, and how to verify if my rules are in there working as expected.

my configuration is like the following, simply protect the /home only.
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/home").authenticated() .and().formLogin();//.loginPage("/login"); }

I have dig into source code of FilterChainProxy class and some other class, but still do not understand what is going on when I call HttpSecurity builder.