O'Reilly logo

Hands-On High Performance with Spring 5 by Dinesh Radadiya, Prashant Goswami, Pritesh Shah, Subhash Shah, Chintan Mehta

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

API authentication with the JSESSIONID cookie

It's not a good practice for API clients to use form-based authentication, due to the essential need for providing a JSESSIONID cookie with the chain of requests. Spring Security also provides an option to use HTTP basic authentication, which is an older approach but works fine. In the HTTP basic authentication approach, user/password details need to be sent with a request header. Let's take a look at the following example of an HTTP basic authentication configuration:

@Overrideprotected void configure(HttpSecurity http) throws Exception {      http        .authorizeRequests()        .anyRequest().authenticated()        .and()        .httpBasic();}

In the preceding example, the configure() method is from the WebSecurityConfigurerAdapter ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required