Reputation: 579
I guess if is possible to use the Grails Spring Security Rest[1] plugin in order to authentication API requests using HTTP Basic Authentication?
An example is Stripe API [2], in which the requests are authenticated using a Token send in the Username field of the HTTP Basic Authentication.
curl https://api.stripe.com/v1/charges -u sk_test_BQokikJOvBiI2HlWgH4olfQ2
curl uses the -u flag to pass basic auth credentials (adding a colon after your API key will prevent it from asking you for a password).
A sample test API key has been provided in all the examples on the page, so you can test out any example right away.
[1]http://grails.org/plugin/spring-security-rest [2]https://stripe.com/docs/api#authentication
Upvotes: 0
Views: 1264
Reputation: 904
The problem with the approach you mention is that Spring Security Core's HTTP Basic support doesn't expect to receive a token in the username. It will try to authenticate the request the configured authentication providers (eg: the DB) with an empty password.
You will have to replace RestAuthenticationFilter
adding a behaviour like the one provided by BasicAuthenticationFilter
. As it's Spring under the covers, you can easily replace one bean.
Upvotes: 1