Spring Security - problem with login form

Hello!
I have got Spring Security issue-its kinda silly but I cannot login to my app on tomcat server using login form provided by spring security.
I added admin account using application.properties

spring.h2.console.enabled=true spring.datasource.url=jdbc:h2:mem:testdb spring.datasource.driverClassName=org.h2.Driver spring.datasource.username=sa spring.datasource.password=sa spring.jpa.database-platform=org.hibernate.dialect.H2Dialect spring.security.user.name=admin spring.security.user.password={bcrypt}$2a$10$7F7xGm8iuzafFA7RPS8gzeKJm9qNBwtejT4hSuBKXMNlc/4NxOy1G spring.security.user.roles=ADMIN

When I provided admin login (admin/admin or even this bcrypted code to the form) app throwing me an error
java.lang.RuntimeException: com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'username': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: (org.apache.catalina.connector.CoyoteInputStream); line: 1, column: 10] at app.security.JWTAuthenticationFilter.attemptAuthentication(JWTAuthenticationFilter.java:49) ~[classes/:na]
This is my:
UserDetailsServiceImpl
package app.service; import app.data.AppUserRepositoryImpl; import app.model.AppUser; import app.data.AppUserRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import java.util.ArrayList; import java.util.Collection; @Service public class UserDetailsServiceImpl implements UserDetailsService {    AppUserRepositoryImpl appUserRepository;    @Value("${spring.security.user.name}")    private String adminUserName;    @Value("${spring.security.user.password}")    private String adminPassword;    @Value("${spring.security.user.roles}")    private String adminRole;    @Autowired    public UserDetailsServiceImpl(AppUserRepositoryImpl appUserRepository) {        this.appUserRepository = appUserRepository;    }    @Override    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {        AppUser appUser = appUserRepository.findByUsername(username);        Collection<GrantedAuthority> authorities = new ArrayList<>();        if (username.equals("admin")) {            return User.builder().username(adminUserName).password(adminPassword).roles(adminRole).build();        }        if (appUser.isProfessor()) {            authorities.add(new SimpleGrantedAuthority("PROFESSOR"));            return new User(appUser.getUsername(), appUser.getPassword(), authorities);        }        if (!appUser.isProfessor()) {            authorities.add(new SimpleGrantedAuthority("STUDENT"));            return new User(appUser.getUsername(), appUser.getPassword(), authorities);        }        throw new UsernameNotFoundException(username);    } }

SecurityConfiguration
package app.security; import app.service.UserDetailsServiceImpl; import lombok.RequiredArgsConstructor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; @Configuration @RequiredArgsConstructor @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter {    private UserDetailsServiceImpl userDetailsService;    private BCryptPasswordEncoder bCryptPasswordEncoder;    @Autowired    public SecurityConfiguration(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {        this.userDetailsService = userDetailsService;        this.bCryptPasswordEncoder = bCryptPasswordEncoder;    }    @Override    protected void configure(HttpSecurity http) throws Exception {        http.cors().and().csrf().disable().authorizeRequests()                .antMatchers("/admin-home/**").hasRole("ADMIN")                .antMatchers("/h2-console/**").hasRole("ADMIN")                .antMatchers("/professor-home/**").hasRole("PROFESSOR")                .antMatchers("/student-home/**").hasRole("STUDENT")                .anyRequest().authenticated()                .and()                .addFilter(new JWTAuthenticationFilter(authenticationManager()))                .addFilter(new JWTAuthorizationFilter(authenticationManager()))                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)                .and()                .formLogin()                .permitAll()                .and()                .logout().permitAll();        http.headers().frameOptions().sameOrigin();    }    @Override    public void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);    }    @Bean    CorsConfigurationSource corsConfigurationSource() {        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();        source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());        return source;    } }

JWTAuthenticationFilter

package app.security; import app.model.AppUser; import com.auth0.jwt.JWT; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.User; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; import java.util.Date; import static com.auth0.jwt.algorithms.Algorithm.HMAC512; import static app.security.SecurityConstants.EXPIRATION_TIME; import static app.security.SecurityConstants.HEADER_STRING; import static app.security.SecurityConstants.SECRET; import static app.security.SecurityConstants.TOKEN_PREFIX; public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {    private AuthenticationManager authenticationManager;    public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {        this.authenticationManager = authenticationManager;    }    @Override    public Authentication attemptAuthentication(HttpServletRequest request,                                                HttpServletResponse response) throws AuthenticationException {        try {            AppUser credentials = new ObjectMapper()                    .readValue(request.getInputStream(), AppUser.class);            return authenticationManager.authenticate(                    new UsernamePasswordAuthenticationToken(                            credentials.getUsername(),                            credentials.getPassword(),                            new ArrayList<>())            );        } catch (IOException e) {            throw new RuntimeException(e);        }    }    @Override    protected void successfulAuthentication(HttpServletRequest req,                                            HttpServletResponse res,                                            FilterChain chain,                                            Authentication auth) throws IOException, ServletException {        String token = JWT.create()                .withSubject(((User) auth.getPrincipal()).getUsername())                .withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME))                .sign(HMAC512(SECRET.getBytes()));        res.addHeader(HEADER_STRING, TOKEN_PREFIX + token);    } }

JWTAuthorization

package app.security; import com.auth0.jwt.JWT; import com.auth0.jwt.algorithms.Algorithm; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; import static app.security.SecurityConstants.TOKEN_PREFIX; import static app.security.SecurityConstants.HEADER_STRING; import static app.security.SecurityConstants.SECRET; public class JWTAuthorizationFilter extends BasicAuthenticationFilter {    public JWTAuthorizationFilter(AuthenticationManager authenticationManager) {        super(authenticationManager);    }    @Override    protected void doFilterInternal(HttpServletRequest req,                                    HttpServletResponse res,                                    FilterChain chain) throws IOException, ServletException {        String header = req.getHeader(HEADER_STRING);        if (header == null || !header.startsWith(TOKEN_PREFIX)) {            chain.doFilter(req, res);                                       //chain of responsibility            return;        }        UsernamePasswordAuthenticationToken authentication = getAuthentication(req);        SecurityContextHolder.getContext().setAuthentication(authentication);        chain.doFilter(req, res);    }    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {        String token = request.getHeader(HEADER_STRING);        if (token != null) {            String user = JWT.require(Algorithm.HMAC512(SECRET.getBytes()))                    .build()                    .verify(token.replace(TOKEN_PREFIX, ""))                    .getSubject();            if (user != null) {                return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());            }            return null;        }        return null;    } }

I guess your issue comes from the JWTAuthenticationFilter:
 AppUser credentials = new ObjectMapper()                    .readValue(request.getInputStream(), AppUser.class);
Your request.getInputStream() cannot be parsed into JSON format of AppUser.

How about
String username = obtainUsername(request);
String password = obtainPassword(request);

In the request, set the headers of username and password to your username / password.
Pass the username and password to your authenticationManager.authenticate() method.

Hello!
Thank you for your answer. So I tried several approaches with this advice.

Version no.1 (this one looks better)
       @Override    public Authentication attemptAuthentication(HttpServletRequest request,                                                HttpServletResponse response) throws AuthenticationException {        if (!request.getMethod()                .equals("POST")) {            throw new AuthenticationServiceException("Method not supported: " + request.getMethod());        }        String username = obtainUsername(request);        String password = obtainPassword(request);        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);        setDetails(request,authRequest);        return authenticationManager.authenticate(authRequest);    }

Version no.2
   @Override    public Authentication attemptAuthentication(HttpServletRequest request,                                                HttpServletResponse response) throws AuthenticationException {        String username = obtainUsername(request);        String password = obtainPassword(request);        return authenticationManager.authenticate(                new UsernamePasswordAuthenticationToken(                        username,                        password,                        new ArrayList<>())        );    }
In browser when I login it redirects me me to the blank page instead of calling login form again-so I think this means that everything is ok with both methods.
When I try to send credentials using postman- app throwing me InternalAuthenticationServiceException in authenticate method (in both versions). And Im not sure right now if it is lack of experience and basic knowledge about postman or still something is wrong with this code.
Thank you for review!
Best regards

So, in Postman, do you set username and password in the header of the request?
I mean click on the "Headers" and input username as the key , admin as the value. Also input password as the key , BASIC $2a$10$7F7xGm8iuzafFA7RPS8gzeKJm9qNBwtejT4hSuBKXMNlc/4NxOy1G as the value.

Also, do  you specify formLogin().loginPage("/login")  in your security config ?

Reference:
https://www.baeldung.com/spring-security-extra-login-fields

One more note. I guess you may need to define a bean for PasswordEncoder. Example :
spring boot security example