The problem is that you are using the RestTemplateBuilder in a wrong way. The RestTemplateBuilder is immutable. So when doing builder.basicAuthorization("username", "password") you actually get a new instance, with a BasicAuthorizationInterceptor added and configured, of the RestTemplateBuilder. (this applies to all configuration methods of the RestTemplateBuilder they all create a fresh copied instance).

However your code is discarding that specifically configured instance and you are basically using the non secured default RestTemplateBuilder.

@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) {
    builder.basicAuthorization("username", "password");
    RestTemplate template = builder.build();
    return template;
}

This code should be replaced with something like this.

@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) {
    return builder.basicAuthorization("username", "password").build();
}

Which will use the specifically configured instance.

One solution is to create the RestTemplate as follows:

@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) {
    RestTemplate template = builder.build();
    template.setMessageConverters(
        Arrays.asList(
            new FormHttpMessageConverter(),
            new StringHttpMessageConverter()
        )
    );
    template.getInterceptors().add(new BasicAuthorizationInterceptor("username", "password"));

    return template;
}