The login form

Basic authentication is good for our RESTful API, but we would rather have a login page carefully designed by our team to improve the web experience.

Spring Security allows us to define as many WebSecurityConfigurerAdapter classes as we need. We will split our SecurityConfiguration class into two parts:

  • ApiSecurityConfiguration: This will be configured first. This will secure the RESTful endpoints with basic authentication.
  • WebSecurityConfiguration: This will then configure login form for the rest of our application.

You can remove or rename SecurityConfiguration and create ApiSecurityConfiguration instead:

@Order(1) public class ApiSecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired public void configureAuth(AuthenticationManagerBuilder ...

Get Mastering Spring MVC 4 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.