Spring Security Basic Authentication Resource Server

This is a simple example of using Spring Security and Spring MVC to provide an API that is secured by HTTP Basic authentication.

Building and running

You can run the application directly from Maven using the Spring Boot Maven plugin:

$ ./mvnw spring-boot:run

Or you can build the application with Maven and then run the resulting JAR file:

$ ./mvnw package
$ java -jar target/basic-resource-server-0.0.1-SNAPSHOT.jar

Or you may import the project into your IDE of choice and run it from there.

Once the application is running, the API and resource server will be listening for requests on port 8080.

Consuming the API

The API provided by this application has two endpoints:

• /unsecured - An unsecured endpoint that requires no authentication.

• /secured - A secured endpoint that can only be access with HTTP Basic authentication in the request.

Using curl, you should be able to consume the /unsecured endpoint without any restriction:

$ curl localhost:8080/unsecured
This is an unsecured resource

If, however, you attempt to consume the /secured endpoint without providing user credentials, you will receive an HTTP 401 (Unauthorized) response:

$ curl localhost:8080/secured
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

In order to successfully access the /secured endpoint, you’ll need to provide a username and password in the Authorization header of the request. There are two users available: habuma and izzy. Both have "password" as their password. You can make a successful request with curl like this:

$ curl localhost:8080/secured -u habuma:password
This is a SECURED resource. Authentication: habuma; Authorities: [ROLE_ADMIN, ROLE_USER]