HTTP Basic authentication without authorization

Hello,

I am just a newbie with Spring Security, so can you help me with following.

I would like to set-up HTTP Basic authentication, but without default authorization. Meaning, for some reasons, I would like to authorize the logged in principal found in SecurityContext using my custom code, but I would still like Spring Security to perform HTTP basic authentication.

using standard piece of XML config, such as:

<security:http>
<security:intercept-url pattern="/api/*" access="ROLE_USER" />
<security:http-basic />
</security:http>

performs authentication together with authorization (access="ROLE_USER"), but I would like to perform authorization by myself, inside my controller.

Help?

-Vjeran

Use Expression-Based Access Control, see http://static.springsource.org/sprin...el-access.html.

In your case
<security:http use-expressions="true">
<security:intercept-url pattern="/api/*" access="isAuthenticated()" />