Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support using basic authentication with Spring Security [DATAREST-15] #398

Open
spring-projects-issues opened this issue Jun 14, 2012 · 3 comments
Open

Support using basic authentication with Spring Security [DATAREST-15] #398

spring-projects-issues opened this issue Jun 14, 2012 · 3 comments
Labels
type: enhancement A general enhancement

Comments

@spring-projects-issues
Copy link

Mark Pollack opened DATAREST-15 and commented

Issue Links:

  • DATAREST-397 Write tests verifying proper integration with Spring Security
    ("depends on")

2 votes, 4 watchers
@spring-projects-issues
Copy link
Author

wims.tijd commented

basic example

<security:http authentication-manager-ref="authentication-manager" auto-config="false" use-expressions="true">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
security:http-basic/
</security:http>

<security:authentication-manager alias="authentication-manager">
	<security:authentication-provider user-service-ref="user-service"/>
</security:authentication-manager>

<security:user-service id="user-service">
	<security:user name="hateos" password="rest" authorities="LOAN_READ"/>
</security:user-service>

<security:global-method-security authentication-manager-ref="authentication-manager" pre-post-annotations="enabled"/>

with annotated repository interface : @PreAuthorize("hasRole('LOAN_READ')")

@spring-projects-issues
Copy link
Author

Michael Wilmes commented

Is this still an issue? I have SDR working with Spring Data Security with BASIC authentication:

<http pattern="/api/**" auto-config="true" use-expressions="true">
	<intercept-url pattern="/api/**" access="hasRole('ROLE_USER')" />
	<http-basic />
</http>
1. curl "http://localhost:8080/api/businessRule"
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 Full authentication is required to access this resource</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /api/businessRule. Reason:
<pre>    Full authentication is required to access this resource</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/>
<br />
</body>
</html>

1. curl "http://user1:userpw@localhost:8080/api/businessRule"
{
  "links" : [ {
    "rel" : "businessRule.search",
    "href" : "http://localhost:8080/api/businessRule/search"
  } ],
  "content" : [ ],
  "page" : {
    "size" : 0,
    "totalElements" : 0,
    "totalPages" : 0,
    "number" : 1
  }
}

@spring-projects-issues
Copy link
Author

Greg Turnquist commented

DATAREST-397 verifies that Spring Data REST currently works with Spring Security. There was an issue when securing at the repository level with annotations for which we are waiting for Spring Security's latest release to reach GA before we release official support here

@spring-projects-issues spring-projects-issues added the type: enhancement A general enhancement label Dec 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@spring-projects-issues