Announcement Announcement Module
Collapse
No announcement yet.
HTTP Basic authentication without authorization Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTP Basic authentication without authorization

    Hello,

    I am just a newbie with Spring Security, so can you help me with following.

    I would like to set-up HTTP Basic authentication, but without default authorization. Meaning, for some reasons, I would like to authorize the logged in principal found in SecurityContext using my custom code, but I would still like Spring Security to perform HTTP basic authentication.

    using standard piece of XML config, such as:

    <security:http>
    <security:intercept-url pattern="/api/*" access="ROLE_USER" />
    <security:http-basic />
    </security:http>

    performs authentication together with authorization (access="ROLE_USER"), but I would like to perform authorization by myself, inside my controller.

    Help?

    -Vjeran

  • #2
    Use Expression-Based Access Control, see http://static.springsource.org/sprin...el-access.html.

    In your case
    <security:http use-expressions="true">
    <security:intercept-url pattern="/api/*" access="isAuthenticated()" />

    Comment

    Working...
    X