Mirko

Reputation: 331

Handle HTTP Basic Authorization header in Spring

I am trying to authenticate (Basic Auth) to my Spring application by sending the credentials in the HTTP header.

I have protected, e.g., the resource

http://localhost:8080/app/home

Non-authenticated users get redirected to

http://localhost:8080/app/login.jsp

Now I send a GET request to localhost:8080/app/home with the encoded credentials in the HTTP header like this:

Authorization: Basic c2VjcmV0dXNlcjpzZWNyZXRwd2Q=

I use the "Advanced Rest Client" Chrome plugin to send the request, so I'm quite sure the header is sent correctly. But the server answers with a redirect to the login.jsp page.

It seems Spring does not take the Authorization header. Do I need to configure my Spring application to accept the "Authorization: Basic" HTTP header?

This is my security-config.xml:

<http use-expressions="true" access-denied-page="/login.jsp?authorization_error=true" xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/login.jsp" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

    <form-login authentication-failure-url="/login.jsp?authentication_error=true" default-target-url="/home"
                login-page="/login.jsp" login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
</http>

Upvotes: 2

Views: 2978

Answers (1)

holmis83

Reputation: 16644

You need to add an http-basic tag inside the http tag. Add a realm name as well.

<http realm="My application name" ...>
  <http-basic />
  ...
</http>

Upvotes: 2
