2

I try to authenticate (Basic Auth) to my Spring application by sending the credentials in the HTTP header.

I have protected, e.g., the resource 

http://localhost:8080/app/home

Non-authenticated users get redirected to 

http://localhost:8080/app/login.jsp

Now I send a GET request to localhost:8080/app/home with the encoded credentials in the HTTP header like this:

Authorization: Basic c2VjcmV0dXNlcjpzZWNyZXRwd2Q=

I use the "Advanced Rest Client" Chrome plugin to send the request, so I'm quite sure the header is sent correctly. But the server answers with a redirect to the login.jsp page.

It seems Spring does not take the Authorization header. Do I need to configure my Spring application to accept the "Authorization: Basic" HTTP header?

This is my security-config.xml:

<http use-expressions="true" access-denied-page="/login.jsp?authorization_error=true" xmlns="http://www.springframework.org/schema/security">
         <intercept-url pattern="/login.jsp" access="permitAll" />
         <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

           <form-login authentication-failure-url="/login.jsp?authentication_error=true" default-target-url="/home"
            login-page="/login.jsp" login-processing-url="/login.do" />
        <logout logout-success-url="/index.jsp" logout-url="/logout.do" /> 
        <anonymous />
</http>
Improve this question

1 Answer 1

Reset to default
2

You need to add a http-basic tag inside the http tag. Add realm name as well.

<http realm="My application name" ...>
  <http-basic />
  ...
</http>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.