We wanted to secure our application (<url>/tst) by using apache2 basic authentication. Implementation in apache2 was straightforward and worked. The problem is the application. Somehow, if I log in to the website of the application, Spring Security is initiated, so that I get another login popup. It seems the basic authentication of Apache is picked up by Spring Security. I would like to disable that, since <url>/tst/home.html is not supposed to be secured.
I've tried a couple of options, but none seems to work. Maybe someone can help me out.
Here is the basic configuration of Spring security in my app:
I've tried the following options:
1: Configure Apache to use Digest login:
.digestpw contained the following user password:
If I try to go to the application, I get a login popup for PrivateOnly as I'm supposed to. But if I insert the username and password, I get the same login popup, until, after 3 times, I get this error:
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
2: Configure Spring Security - BasicProcessingFilter
I've added basicProcessingFilter:
This didn't work.
3: Configure Spring Security - Security Filter
I've placed security filter:
This didn't work.
All in all, I think I'm very close to a solution, but I'm missing something. Can anyone help me out with this?
I managed to make option 1 work for me.
It appeared I was using the wrong realm in the AuthName definition.
It is still remarkable that the application behaves strangely when Apache's basic authentication is used.
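
The realm mismatch reported in the last post can be checked offline. The following is an added example, not code from the thread: it parses an htdigest-format file (`user:realm:MD5(user:realm:password)`) and reports whether a login fails because the `AuthName` value differs from the realm stored in the file. The user `alice`, the password, and the realm `Private Area` are constructed sample values; `PrivateOnly` is the realm name shown in the login popup above.

```python
import hashlib

def ha1(user, realm, password):
    # htdigest stores MD5("user:realm:password") as the third field of each line
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def parse_htdigest(text):
    """Return (user, realm, hash) tuples from htdigest-format text."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3:
            entries.append(tuple(parts))
    return entries

def diagnose(auth_name, htdigest_text, user, password):
    """Explain why a Digest login for `user` succeeds or fails under `auth_name`."""
    realms = {r: h for u, r, h in parse_htdigest(htdigest_text) if u == user}
    if not realms:
        return "no-such-user"
    if auth_name not in realms:
        # The entry is looked up by user AND realm, so even the correct
        # password is rejected and the browser prompts again.
        return "realm-mismatch"
    if realms[auth_name] == ha1(user, auth_name, password):
        return "ok"
    return "wrong-password"

# Constructed sample file: the entry was created for realm "Private Area"
# (hypothetical), while the Apache config announces AuthName "PrivateOnly".
SAMPLE_HTDIGEST = "alice:Private Area:" + ha1("alice", "Private Area", "s3cret") + "\n"

if __name__ == "__main__":
    for name in ("PrivateOnly", "Private Area"):
        print(name, "->", diagnose(name, SAMPLE_HTDIGEST, "alice", "s3cret"))
```

Because the realm is part of the stored hash, changing `AuthName` later means regenerating the entries with `htdigest` for the new realm.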