Reputation: 331
I try to authenticate (Basic Auth) to my Spring application by sending the credentials in the HTTP header.
I have protected, e.g., the resource
http://localhost:8080/app/home
Non-authenticated users get redirected to
http://localhost:8080/app/login.jsp
Now I send a GET request to localhost:8080/app/home with the encoded credentials in the HTTP header like this:
Authorization: Basic c2VjcmV0dXNlcjpzZWNyZXRwd2Q=
I use the "Advanced Rest Client" Chrome plugin to send the request, so I'm quite sure the header is sent correctly. But the server answers with a redirect to the login.jsp page.
It seems Spring does not take the Authorization header. Do I need to configure my Spring application to accept the "Authorization: Basic" HTTP header?
This is my security-config.xml:
<http use-expressions="true" access-denied-page="/login.jsp?authorization_error=true" xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/login.jsp" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <form-login authentication-failure-url="/login.jsp?authentication_error=true" default-target-url="/home"
                login-page="/login.jsp" login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
</http>
Upvotes: 2
Views: 2978
Reputation: 16644
You need to add an http-basic tag inside the http tag. Add a realm name as well.
<http realm="My application name" ...>
<http-basic />
...
</http>
Upvotes: 2
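To rule out a malformed header before changing the server configuration, the value from the question can be checked against the RFC 7617 layout (`Basic`, a space, then Base64 of `user:password`). This is an added example, not part of the original posts and not Spring Security's code; the function and class names are hypothetical.

```python
import base64
import binascii


class BasicAuthError(ValueError):
    """Raised when an Authorization header is not a well-formed Basic credential."""


def parse_basic_authorization(header_value):
    """Return (username, password) from an Authorization header value.

    Expected layout (RFC 7617): 'Basic' SP base64(user-id ':' password).
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":  # scheme names are case-insensitive
        raise BasicAuthError("scheme is not Basic: %r" % scheme)
    token = token.strip()
    if not token:
        raise BasicAuthError("missing credentials token")
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise BasicAuthError("token is not valid Base64") from exc
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise BasicAuthError("credentials are not UTF-8") from exc
    # Only the first colon separates the fields; the password may contain ':'.
    username, sep, password = text.partition(":")
    if not sep:
        raise BasicAuthError("no ':' between username and password")
    return username, password


def build_basic_authorization(username, password):
    """Build the header value a client should send for these credentials."""
    if ":" in username:
        raise BasicAuthError("username must not contain ':'")
    token = base64.b64encode(("%s:%s" % (username, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


if __name__ == "__main__":
    # Header value taken from the question above.
    print(parse_basic_authorization("Basic c2VjcmV0dXNlcjpzZWNyZXRwd2Q="))
```

The header in the question parses cleanly, so the request itself is well-formed. It also shows that Base64 is only an encoding: anyone who can read the request can recover the credentials.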