To implement HTTP Basic Authentication, it is necessary to define BasicProcessingFilter in the filter chain. The application context will need to define the BasicProcessingFilter and its required collaborator:

<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>
</bean>

<bean id="authenticationEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
  <property name="realmName"><value>Name Of Your Realm</value></property>
</bean>

The configured AuthenticationManager processes each authentication request. If authentication fails, the configured AuthenticationEntryPoint will be used to retry the authentication process. Usually you will use the BasicProcessingFilterEntryPoint, which returns a 401 response with a suitable header to retry HTTP Basic authentication. If authentication is successful, the resulting Authentication object will be placed into the SecurityContextHolder.

If the authentication event was successful, or authentication was not attempted because the HTTP header did not contain a supported authentication request, the filter chain will continue as normal. The only time the filter chain will be interrupted is if authentication fails and the AuthenticationEntryPoint is called, as discussed in the previous paragraph.
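
The three outcomes described above, modelled in plain Java as an added example (it is not code from Spring Security or from the original page). The class BasicAuthFlowDemo, the USERS map, the result strings and the treatment of malformed headers as failures are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

// Illustrative model of the flow described above; not Spring Security source code.
public class BasicAuthFlowDemo {
    // Constructed sample data standing in for the AuthenticationManager (real stores hold hashes).
    static final Map<String, String> USERS = Map.of("alice", "s3cret:pw");
    static final String REALM = "Name Of Your Realm";

    // What the entry point sends when authentication fails.
    static String challenge() {
        return "401, WWW-Authenticate: Basic realm=\"" + REALM + "\"";
    }

    static String handle(String header) {
        // No supported authentication request: nothing attempted, chain continues.
        if (header == null || !header.startsWith("Basic ")) {
            return "continue chain, no Authentication set";
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return challenge(); // assumption: malformed Base64 counts as a failure
        }
        int colon = decoded.indexOf(':'); // split on the FIRST colon; passwords may contain ':'
        if (colon < 0) return challenge(); // assumption: missing separator counts as a failure
        String user = decoded.substring(0, colon);
        byte[] given = decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        String expected = USERS.get(user);
        // Constant-time comparison of the presented and stored password bytes.
        if (expected == null
                || !MessageDigest.isEqual(given, expected.getBytes(StandardCharsets.UTF_8))) {
            return challenge();
        }
        return "continue chain, Authentication for '" + user + "' in SecurityContextHolder";
    }
    public static void main(String[] args) {
        String good = Base64.getEncoder().encodeToString("alice:s3cret:pw".getBytes(StandardCharsets.UTF_8));
        String bad = Base64.getEncoder().encodeToString("alice:wrong".getBytes(StandardCharsets.UTF_8));
        for (String h : new String[] {null, "Basic " + good, "Basic " + bad, "Basic %%%"}) {
            System.out.println(h + " -> " + handle(h));
        }
    }
}
```

The Base64 step is an encoding, not encryption, so the Authorization header is protected in transit only when the connection uses TLS.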