We wanted to secure our application (<url>/tst) by using apache2 basic authentication. Implementation in apache2 was straight forward and worked. The problem is the application. Somehow if I would login to the website of the application, Spring Security is initiated, so that I get anothe login popup. It seems the basic authentication of apache is picked up by spring security. I would like to disable that, since <url>/tst/home.html is not supposed to be secured.
I've tried couple of options, but none seem to work. Maybe someone can help me out.
Here is the basic configuration of Spring security in my app:
I've tried the following options:
1: Configure Apache to use Digest login:
.digestpw contained the following user password:
tst:tst:ceaa2115e4ac62de0f46f118921cf018
If I try to go to the application, I get a login popup for PrivateOnly as I'm supposed to. But if I insert username and password, I get the same login popup, untill after 3 time, I get this error:
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
2: Configure Spring Security - BeasicProcessingFilter
I've added basicProcessingFilter:
This didn't work.
3: Configure Spring Security - Security Filter
I've placed security filter:
This didn't work.
All in all, I think I'm very close to solution, but I'm missing something. Can anyone help me out with this?