Spring Security Basic Authentication comes more into into implementation for SOAP and RESTful services, where there is no particular login URLs and we still are concerned about the user authentication. We already seen the Spring Security implementation on a simple Spring based login application. In this example, we will understand how we can go for the basic HTTP authentication in the same application, but without any login page.
Lets directly move on to the implementation part, which should be hassle-free if we have already integrated Spring Security with our Spring application. If not, you can quickly navigate to this link, and get the required setup/integration done. What you won’t need is the login.jsp page. The spring-security.xml file content must be slightly different like mentioned below.
<access-denied-handler error-page="/403page" />
<intercept-url pattern="/admin**" access="ROLE_ADMIN" />
<intercept-url pattern="/user**" access="ROLE_USER" />
<logout logout-success-url="/login?logout" />
<user name="admin" password="123" authorities="ROLE_ADMIN" />
<user name="user" password="123" authorities="ROLE_USER" />
3. Run the application
According to the code snippet in the previous section, if I try hitting the application with the secured URL pattern i.e. /admin or /user, the application must invoke a browser dialog box automatically asking for the credentials, as shown in the below snapshot.
So if I try logging-in with the credentials admin/123, the application will redirect me to the admin home page after successful authentication.
4. Useful Links
5. Download source code