user14748001

Ignore authorization for some endpoints in Spring Boot

I have my OAuth server and client, which is being authorized by OAuth2.

Now if I need to call my service I need to:

  1. Generate an access token from the server using the API below:

    localhost:9191/oauth/token?grant_type=password&username=krish&password=kpass

    Which gives a response like:

    "access_token": "ee41435d-8ad9-432e-82c1-07477e2b6956",
    "token_type": "bearer",
    "refresh_token": "ea6d83b4-62f6-4eaf-9f89-8600bd36690d",
    "expires_in": 3429,
    "scope": "READ WRITE"
    
  2. Now I pass the access token to run the client service, like below:

enter image description here

So I am doing this manually. But I need to run it from the client code. When I try to hit the first API itself (server) to get the token, it says unauthorized. My service code is below: enter image description here

I need to skip the authentication for the /getToken controller. How can I do that? Can anyone please help?

My WebSecurityConfigurerAdapter class is as below. I added the highlighted code after reading one answer below, but that is also not working.

enter image description here

Upvotes: 0

Views: 3561

Answers (1)

berrur

Reputation: 125

You may want to create a new configuration extending the WebSecurityConfigurerAdapter and override the configure method. Have a look at this guide for a practical example. What you want to focus on is this part:

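import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Matchers are checked in order: these paths are open to everyone...
                .antMatchers("/", "/home").permitAll()
                // ...and every other request requires an authenticated user.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                // The login page itself must be reachable without authentication.
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
}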

As you can see in the example, the paths "/login", "/", "/home" are excluded from authentication. Check this other answer also: Spring Security exclude url patterns in security annotation configurartion

Upvotes: 1
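
The same pattern applied to the `/getToken` endpoint from the question, as an added example that is not part of the original answer. It assumes the controller is called with POST by a non-browser client (the question does not show the method), and the class name is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; "/getToken" is the path named in the question.
@Configuration
@EnableWebSecurity
public class TokenEndpointSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the token controller is mapped to POST /getToken.
    private static final String TOKEN_PATH = "/getToken";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are evaluated top to bottom and the first match wins,
                // so the single open endpoint is listed before the catch-all.
                // Pinning the HTTP method and the exact path keeps the
                // exemption from covering anything else (no "/**" wildcard).
                .antMatchers(HttpMethod.POST, TOKEN_PATH).permitAll()
                // Everything else still requires an authenticated caller.
                .anyRequest().authenticated()
                .and()
            .csrf()
                // permitAll() only skips the authorization check. CSRF
                // protection is on by default in this adapter and rejects a
                // POST without a CSRF token, so the token endpoint is
                // exempted from it here, and only that endpoint.
                .ignoringAntMatchers(TOKEN_PATH);
    }
}
```

How the remaining endpoints authenticate (for example, bearer-token validation) is left to the application's existing configuration and is not shown here.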
