Spring Security HTTP basic authentication example

by

When HTTP basic authentication is configured, web browser will display a login dialog for user authentication. This tutorial show you how to configure HTTP basic authentication in Spring Security.


  <http>
	<intercept-url pattern="/welcome*" access="ROLE_USER" />
	<http-basic />
  </http>

Last Spring Security form-based login example will be reused, but switch authentication to support HTTP basic.

1. Spring Security

To enable HTTP basic, just change “form-login” to “http-basic” tag.


<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

	<!-- HTTP basic authentication in Spring Security -->
	<http>
		<intercept-url pattern="/welcome*" access="ROLE_USER" />
		<http-basic />
	</http>

	<authentication-manager>
	   <authentication-provider>
	       <user-service>
		   <user name="mkyong" password="123456" authorities="ROLE_USER" />
	       </user-service>
	   </authentication-provider>
	</authentication-manager>

</beans:beans>

Done, that’s all.

2. Demo

When access the secured URL, browser will display a login dialog box automatically.

URL : http://localhost:8080/SpringMVC/welcome

http basic example

Download Source Code

Download it – Spring-Security-HTTP-Basic-Authentication-Example.zip (9 KB)

References

  1. Spring Security hello world example
  2. Spring Security form-based login example

mkyong

Founder of Mkyong.com, passionate Java and open-source technologies. If you enjoy my tutorials, consider making a donation to these charities.

12 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
marco from memrise
3 years ago

thank you.

0
Reply
Savani
9 years ago

Why I am not able to logout with this example ? When I click on ‘logout’ link, I see nothing:

0
Reply
eis
10 years ago

only way this worked for me was by replacing the first ROLE_USER with isAuthenticated()

0
Reply
Supun Dharmarathne
11 years ago

Thanks for the post 🙂

Here is the Java Configuration..

https://supundharmarathne.wordpress.com/2015/02/17/spring-security-basic-http-authentication/

0
Reply
Sathesh
11 years ago

When will it ask for the credentials again if i have entered the correct credentials ??

0
Reply
Savani
9 years ago
Reply to  Sathesh

Hey, Are you able to logout with this code? I was not.

0
Reply
srikanth
12 years ago

Hi mkyong,

How can we integrate single sign-on with the spring security.

Thank you

0
Reply
Pianista
12 years ago

Hi mkyong,

One question, is there a way to suppress this dialog on the browser from the server?

For example if we want to hide this resource to all the people that is not passing by default the AuthBasic headers on their requests.

Thank you

0
Reply
sooriyah
12 years ago

where can i find the /welcome usage…can u plz eplain me in detail..i am new to spring

0
Reply
David
13 years ago

Hi good morning, i want to create a web service and i use spring security, but i want to connect to a database and check for the existence user instead of using an xml. I hope you can tell how to configure that greetings.

0
Reply
BrahmaReddy
13 years ago

will you please give spring insertion, selection, update of programs for struts, springs.
Thanks,
BrahmaReddy

0
Reply
Betlista
13 years ago

Thanks for your post 😉

Just small note – if you want to change “The server says:” part, you can specify realm in http tag


<http realm="My secured application">
...
</http>
-1
Reply