Spring-Security http-basic auth in addition to other authentication types
Posted
by
Keith
on Stack Overflow
See other posts from Stack Overflow
or by Keith
Published on 2011-01-03T01:17:32Z
Indexed on
2011/01/03
5:53 UTC
Read the original article
Hit count: 289
I have a pretty standard existing webapp using spring security that requires a database-backed form login for user-specific paths (such as /user/**), and some completely open and public paths (such as /index.html).
However, as this webapp is still under development, I'd like to add a http-basic popup across all paths (/**) to add some privacy. Therefore, I'm trying to add a http-basic popup that asks for a universal user/pass combo (ex admin/foo) that would be required to view any path, but then still keep intact all of the other underlying authentication mechanisms.
I can't really do anything with the <http>
tag, since that will confuse the "keep out the nosy crawlers" authentication with the "user login" authentication, and I'm not seeing any way to associate different paths with different authentication mechanisms.
Is there some way to do this with spring security? Alternatively, is there some kind of a dead simple filter that I can apply independently of spring-security's authentication mechanisms?
© Stack Overflow or respective owner