HTTP Basic authentication without authorization
I am just a newbie with Spring Security, so can you help me with following.
I would like to set-up HTTP Basic authentication, but without default authorization. Meaning, for some reasons, I would like to authorize the logged in principal found in SecurityContext using my custom code, but I would still like Spring Security to perform HTTP basic authentication.
using standard piece of XML config, such as:
<security:intercept-url pattern="/api/*" access="ROLE_USER" />
performs authentication together with authorization (access="ROLE_USER"), but I would like to perform authorization by myself, inside my controller.