Tuesday, May 14, 2013

Spring Security: Avoiding the Authentication Required popup

When using http-basic authentication the default behavior is for a popup to appear requiring a username and password.
This is fine and all, but generally we have a more graceful way of handling the log in, like with a nice form.
As it is pointed out in this blog post, it isn't the basic authorization that brings up the popup, but the header that Spring Security returns via the BasicAuthenticationEntryPoint: WWW-Authenticate

Here is an example of creating our own authentication entry point to remove the heinous header.

No comments:

Post a Comment