Authentication

Authentication deals with ensuring that users are who they say they are. There are several approaches to authenticate users. This section will describe a few of the mechanisms provided by HTTP.

HTTP Basic authentication

This is the simplest form of authentication in the HTTP specification. It relies on a username and password combination being passed as an Authorization header to any HTTP request that mandates authentication.

When a client issues a request to an endpoint that requires authentication, the server will respond with a HTTP 401 Not Authorized response. The response will include the following header:

WWW-Authenticate: Basic realm="myRealm"

This header instructs the client that the user must be authenticated using the Basic ...

Get Building a RESTful Web Service with Spring now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.