Tools and technologies used in this article:

  1. Spring Framework 3.1.4

  2. Spring Security 3.1.4

  3. Spring Tool Suite 3.2

  4. JDK 1.6

  5. Tomcat 7

We'll modify our previous post Spring Security 3 Hello World Example to configure HTTP Basic authentication.

Note: HTTP Basic authentication is not a secure method for user authentication if the connection between the web client and the server is not secured. The user's credentials are encoded with Base64 during transmission, but not encrypted or hashed. So if there is a possibility of the credentials being intercepted, use Basic authentication over HTTPS.

 

1. Modify Spring Security Configuration

Just add <http-basic/> to the Spring Security configuration XML to configure HTTP Basic authentication.

File : WEB-INF/spring-security.xml

 

2. Overall Project Structure

Overall Project Structure

 

3. Demo

Start the server and deploy the web application. Try to open the URL http://:/spring-security-http-basic-authentication/secured/mypage.

HTTP Response Header sent by the server

The browser will open the authentication dialog, prompting for a username and password.

HTTP basic authentication dialog

For wrong credentials, the following authentication failure message will also be displayed.

authentication failure message

For the correct username (srccodes) and password (password), you'll be able to view the secured page.

view the secured page
HTTP Request Header sent to the server
Note: 'c3JjY29kZXM6cGFzc3dvcmQ=' is the Base64-encoded version of 'username:password', i.e. 'srccodes:password'.
Note: Basic authentication does not provide any logout functionality. Close the browser to log out.
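
The Base64 note above, as an added example (not code from the original article or its project): a small Python parser for the Authorization header value that recovers the credentials without any key, plus a check that flags Basic credentials sent over anything other than HTTPS. The function names and the scheme argument are assumptions made for this illustration; the sample header is the value quoted in the note.

```python
import base64

# Sample input: the header value quoted in the note above.
SAMPLE_HEADER = "Basic c3JjY29kZXM6cGFzc3dvcmQ="


def parse_basic_authorization(header_value):
    """Return (username, password) from an Authorization header value.

    Raises ValueError when the value is not a well-formed Basic credential.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        raw = base64.b64decode(token.strip(), validate=True)
        decoded = raw.decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed Base64 credential") from exc
    # Split on the first colon only: the password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("credential lacks the 'username:password' separator")
    return username, password


def credentials_exposed(header_value, scheme):
    """True when a well-formed Basic credential travels over a non-HTTPS
    connection, where any observer can decode it exactly as above."""
    try:
        parse_basic_authorization(header_value)
    except ValueError:
        return False
    return scheme.lower() != "https"


if __name__ == "__main__":
    user, pwd = parse_basic_authorization(SAMPLE_HEADER)
    print("decoded without any key:", user, pwd)
    print("exposed over http: ", credentials_exposed(SAMPLE_HEADER, "http"))
    print("exposed over https:", credentials_exposed(SAMPLE_HEADER, "https"))
```

The same check can run in a servlet filter or a proxy log rule to find clients that still send Basic credentials over plain HTTP.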

 

Download SrcCodes

spring-security-http-basic-authentication: GitHub or zip

 
