Spring-Security http-basic auth in addition to other authentication types

Posted by Keith on Stack Overflow See other posts from Stack Overflow or by Keith
Published on 2011-01-03T01:17:32Z Indexed on 2011/01/03 5:53 UTC
Read the original article Hit count: 289

I have a pretty standard existing webapp using spring security that requires a database-backed form login for user-specific paths (such as /user/**), and some completely open and public paths (such as /index.html).

However, as this webapp is still under development, I'd like to add a http-basic popup across all paths (/**) to add some privacy. Therefore, I'm trying to add a http-basic popup that asks for a universal user/pass combo (ex admin/foo) that would be required to view any path, but then still keep intact all of the other underlying authentication mechanisms.

I can't really do anything with the <http> tag, since that will confuse the "keep out the nosy crawlers" authentication with the "user login" authentication, and I'm not seeing any way to associate different paths with different authentication mechanisms.

Is there some way to do this with spring security? Alternatively, is there some kind of a dead simple filter that I can apply independently of spring-security's authentication mechanisms?

© Stack Overflow or respective owner

Related posts about java

Related posts about spring-security