
I need to implement REST Basic authentication in my application, in which the request will contain a header with the value of the username:password encrypted to base64.

My application uses DaoAuthenticationProvider. This way, the provider expects username & password in order to do the authentication process.

From the configuration of the authentication filter, I saw that the filter has two properties (usernameParameter and passwordParameter). In my case, the username and password will not be sent as parameters, so I thought of having a filter before the authentication processing filter that retrieves the required data from the request header and then passes it to the next filter.

My questions:

  1. Is this the proper way to do REST basic authentication? Or are there any other ways?
  2. Is there any example for having a custom filter before the authentication processing filter?

1 Answer


You're probably looking at the wrong filter because there is one that does HTTP basic auth already (see e.g. docs here). Example:

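// Inside a class that extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .anyRequest().authenticated()   // every request needs an authenticated user
            .and()
        .httpBasic();                       // registers the HTTP Basic authentication filter
}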

2 Comments

Dave, correct me if I am wrong: what I should do is just add <http use-expressions="true"> <intercept-url pattern="/**" access="authenticated"/> <form-login /> <http-basic /> </http> and change the pattern to the REST URL? If the application uses DelegatingFilterProxy, how should this work?
There's an XML example right there in the reference docs (see link above) if you prefer to use XML. Why do you want to use form login? (Not sure what you mean about the DelegatingFilterProxy - isn't that a separate question?).
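
An added example, not part of the original answer or of the Spring Security reference docs: a Java configuration in the answer's `WebSecurityConfigurerAdapter` style for the setup the question describes, where `httpBasic()` reads the `Authorization` header and hands the credentials to the existing `DaoAuthenticationProvider`, so no custom header-reading filter is needed. The class name `RestSecurityConfig`, the `/api/**` pattern, the BCrypt encoder and the injected `UserDetailsService` bean are assumptions; the stateless-session and HTTPS-only settings are added because Base64 is an encoding, not encryption, so the header exposes the password to anyone who can read the traffic.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class RestSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the application already defines a UserDetailsService bean.
    private final UserDetailsService userDetailsService;

    public RestSecurityConfig(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // stored passwords are hashed, never plain text
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/api/**")                       // hypothetical REST URL prefix
            .authorizeRequests().anyRequest().authenticated()
            .and().httpBasic()                           // decodes "Authorization: Basic ..." for the provider
            .and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // credentials on every request, no session
            .and().requiresChannel().anyRequest().requiresSecure();     // Basic credentials only over HTTPS
    }
}
```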
