There are many use cases where you would want to combine both basic and form based authentication when using Spring Security. This was possible with earlier releases of Spring Security but a lot more involved. However, if you can wait for a couple of months for Spring Security 3.1.0 to be released, it can be done by defining multiple http elements in your Spring Security application context file. Multiple http elements couldn't be defined in Spring Security 3.0.X.
The use case we had was to support basic authentication for our REST services, and form based authentication for the same application with a WEB interface.
If you download the Spring Security 3.1.0 M1 release, the PDF also has an example with the same use case scenario.
Add the following http elements in your application context file, change the URL patterns accordingly and you are all set:
Isn't this so simple and easy?
Posts
Very simple and easy. Took me few seconds. Thanks you!
ReplyDeleteHi,
ReplyDeleteDo you have an example to demo combining form based and digest authentication in the same web app ? I am specifically looking for the details in configuration file i.e security.xml
Thanks
I am pretty sure replacing http-basic element with digest should work.
ReplyDeleteHello,
ReplyDeleteany idea about when Spring Security 3.1 will be released ? I can't find any release date on the Spring site...