CODEWITHSUNDEEP
javaspring-bootsecurityspring-security
Angellic Doll
Angellic Doll

Reputation: 43

Difference between httpBasic() and authorizeRequest()

Okay, I am learning spring security and I came across some private code which has something like below configured. httpSecurity.authorizeRequests().anyRequest().permitAll();

Now, i was seeing javadocs of httpsecurity methods and came across httpBasic()

httpSecurity.httpBasic();

Output of both these lines are same. So, can some one help me understand the difference?

Upvotes: 1

Views: 2843

Answers (1)

Eklavya
Eklavya

Reputation: 18450

authorizeRequest()

authorizeRequest() used for restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e. via URL patterns).

Example Configurations:

The most basic example is to configure all URLs to require the role "ROLE_USER". The configuration below requires authentication to every URL and will grant access to both the user "admin" and "user". 

protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests(authorizeRequests ->
                                authorizeRequests
                                        .antMatchers("/**").hasRole("USER")
                        )
                        .formLogin(withDefaults());
        }

httpBasic()

Configures HTTP Basic authentication. HTTP Basic authentication implementation is the simplest technique for enforcing access controls to web resources because it does not require cookies, session identifiers, or login pages. The default realm is "Spring Security Application".

Example Configurations

The example below demonstrates how to configure HTTP Basic authentication for an application.

@Configuration
 @EnableWebSecurity
 public class HttpBasicSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers("/**").hasRole("USER").and().httpBasic();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
        }
 }

Upvotes: 1

Related Questions