In your <authorization-server/>
you haven't set the AuthenticationManager
in the <password/>
grant type (so it is using the default bean name "authenticationManager" which you have mapped to the client credentials).
An additional problem is that you use <authentication-manager/>
twice without giving an explicit "id=" for either, which actually has the effect of defining only one AuthenticationManager
since the second one overrides the first (they both have the same id). Try using "id=" instead of "alias=".
You really need to send the client credentials in a header if you can (but you probably know that).