Results 1 to 2 of 2

Thread: HTTP Basic authentication without authorization

  1. Sep 1st, 2012, 12:24 AM #1
    vmarcinko
    vmarcinko is offline Member
    Join Date
    Aug 2004
    Posts
    86

    Default HTTP Basic authentication without authorization

    Hello,

    I am just a newbie with Spring Security, so can you help me with following.

    I would like to set-up HTTP Basic authentication, but without default authorization. Meaning, for some reasons, I would like to authorize the logged in principal found in SecurityContext using my custom code, but I would still like Spring Security to perform HTTP basic authentication.

    using standard piece of XML config, such as:

    <security:http>
    <security:intercept-url pattern="/api/*" access="ROLE_USER" />
    <security:http-basic />
    </security:http>

    performs authentication together with authorization (access="ROLE_USER"), but I would like to perform authorization by myself, inside my controller.

    Help?

    -Vjeran
    Reply With Quote Reply With Quote
  2. Sep 4th, 2012, 03:13 AM #2
    takach
    takach is offline Junior Member
    Join Date
    Jul 2009
    Posts
    13

    Default

    Use Expression-Based Access Control, see http://static.springsource.org/sprin...el-access.html.

    In your case
    <security:http use-expressions="true">
    <security:intercept-url pattern="/api/*" access="isAuthenticated()" />
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules