| 12345678910111213141516171819202122 |
- ==== Basic authentication
- We stated that Spring Security supported both form and HTTP Basic authentication, but how does Spring Security know when to use one and not the other? When using HTTP Basic, the user should receive a HTTP 401 response, but when we visit our application in our web browser we are redirected to a login page. The reason for this is because Spring Security uses content negotiation to determine which type of authentication to use. For example, if we specified our *Accept* header to be _application/json_ the result would be an HTTP 401.
- You can use any tool you prefer (i.e. curl), but the instructions in this section we will use https://www.google.com/intl/en/chrome/browser/[Google Chrome] and the https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm?hl=en[Postman - REST Client] to make an _application/json_ request to our application.
- * Open Google Chrome and launch the Postman - REST Client extension
- * Enter _http://localhost:8080/sample/_ into the request URL field
- * Select the *Headers* button
- * Enter _Accept_ into the *Header* input
- * Enter _application/json_ into the *Value* field
- * Presss the *Send* button
- Observe that we get an HTTP Status of 401 instead of our redirect. Now lets try entering our user name and password.
- * Select the *Basic Auth* tab
- * Enter _user_ for the *Username*
- * Enter _password_ for the *Password*
- * Click the *Refresh headers* button
- * Click the *Send* button
- This time you should see the HTML of our secured page.
|
