Issue in securing Spring REST service With OAuth2 in Spring Boot

Question

I have been trying to secure my spring rest webs service by implementing OAuth2 in my application. I have been following this tutorial for implementing it.

I have implemented it similarly but for some reason when I hit /oauth/token URL with the postman, it does not return me token.

Here are my main code for files:

1.AuthorizacionServerConfiguration.java

@Configuration
@EnableAuthorizationServer
public class AuthorizacionServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;

@Autowired
private TokenStore tokenStore;

public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
    .withClient("User")
    .authorizedGrantTypes(new String[] { "password" }).authorities(new String[] { "ROLE_CLIENT", "ROLE_TRUSTED_CLIENT", "USER" }).accessTokenValiditySeconds(120)
    .scopes(new String[] { "read" }).autoApprove(true)
    .secret(passwordEncoder().encode("12345"));
}

public PasswordEncoder passwordEncoder() {
    return (PasswordEncoder)new BCryptPasswordEncoder();
}

public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints
    .authenticationManager(this.authenticationManager)
    .tokenStore(this.tokenStore);
}

@Bean
public TokenStore tokenStore() {
    return (TokenStore)new InMemoryTokenStore();
}
}

2.ResourceServerConfiguration.java

@EnableResourceServer
@RestController
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    @SuppressWarnings("rawtypes")
    public void configure(HttpSecurity http) throws Exception {
    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl)http.authorizeRequests()
            .antMatchers(new String[] { "/api/v1/**","/oauth/token", "/oauth/authorize **" 
    })).permitAll();
  }
}

3.WebSecurityConfiguration.java

@EnableWebSecurity
class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Bean
@Override
public UserDetailsService userDetailsService() {
    UserDetails user = User.builder().username("user1").password(passwordEncoder().encode("pass1")).roles(new String[] { "USER" }).build();
    return (UserDetailsService)new InMemoryUserDetailsManager(new UserDetails[] { user });
}

@Bean
public PasswordEncoder passwordEncoder() {
    return (PasswordEncoder)new BCryptPasswordEncoder();
}

@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}
}

when I am trying to hit it with the postman. I get an unauthorized request message instead of an OAuth token. Please see the following screenshots:

Answer 1

I've copied this line-for-line with what you have into a new project and everything is working as expected, with exactly what you have here. My suggestion would be to check your dependencies. I have it working with spring boot, spring-boot-starter-oauth2-client, spring-boot-starter-oauth2-resource-server, spring-boot-starter-security, and spring-boot-starter-web all at version 2.3.5.RELEASE.