basic-authentication

I am currently working on integration of a third party application with our local reporting system. I would like to implement REST calls with basic authentication but facing issues in Spring 4.0.0. I have a simple solution what works nicely: final RestTemplate restTemplate = new RestTemplate(); final String plainCreds = "username:password"; final byte[] plainCredsBytes = plainCreds.getBytes(); final byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes); final String base64Creds = new String(base64CredsBytes); final HttpHeaders headers = new HttpHeaders(); headers.add("Authorization",

I have a REST based server which I am trying to communicate with using JQuery. Both XML and JSON are available as response formats, so I am using JSON. The connections are all SSL so HTTP Basic Authentication has been our authorization method of choice, and we have had no problems with other front ends (raw Javascript, Silverlight, etc...) Now I am attempting to put something together with JQuery and having endless problems using HTTP Basic Authentication. I have scoured through numerous previous questions most of which either have solutions that do not seem to actually work or blame the

Basically my scenario is that I have an internal website that requires a SINGLE hard-coded username and password to access (and this can't be turned off, only changed). I am exposing this website through a reverse proxy for various reasons (hiding the port, simplifying url, simplifying NAT, etc). However, what I would like to do is be able to use Apache to handle the authentication so that: I don't have to give out single password to everyone I can have multiple usernames and passwords using Apache's BasicAuth For internal users, I don't have to prompt for a password EDIT: Second part about

I am using Spring-Security 3.2.0.RC2 with Java config. I set up a simple HttpSecurity config that asks for basic auth on /v1/**. GET requests work but POST requests fail with: HTTP Status 403 - Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'. My security config looks like this: @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Resource private MyUserDetailsService userDetailsService; @Autowired //public void configureGlobal(AuthenticationManagerBuilder auth) public void configure

I'm learning Apigility ( Apigility docu -> REST Service Tutorial ) and trying to send a POST request with basic authentication via cURL: $ curl -X POST -i -H "Content-Type: application/hal+json" -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q=" http://apigilityhw.sandbox.loc/status YXBpdXNlcjphcGlwd2Q= is the base 64 encoded string with my credentials apiuser:apipwd . The credentials are saved in the /data/htpasswd ( apiuser:$apr1$3J4cyqEw$WKga3rQMkxvnevMuBaekg/ ). The looks like this: HTTP/1.1 401 Unauthorized Server: nginx/1.4.7 Date: Mon, 22 Sep 2014 07:48:47 GMT Content-Type: application

So I'm trying to implement the following scenario: An application is protected by Basic Authentication. Let's say it is hosted on app.com An HTTP proxy, in front of the application, requires authentication as well. It is hosted on proxy.com The user must therefore provide credentials for both the proxy and the application in the same request, thus he has different username/password pairs: one pair to authenticate himself against the application, and another username/password pair to authenticate himself against the proxy. After reading the specs, I'm not really sure on how I should implement

When a server allows access via Basic HTTP Authentication, what is the experience expected to be on the browser? I typically just do this with curl: curl -u myusername:mypassword http://somesite.com And it works just fine. However, right now I don't have access to curl (long story), and I want to just do it from the web browser, if possible. I thought the way Basic Auth was supposed to work was - I type in the url I want, the server then decides I'm not authorized, returns response code 401, and I type my username and password into a prompt. If it's correct, the page loads! However, on

why has the resulting string literal of "username:password" be encoded with Base64 in the Authorization header? Whats the background of it? This is the production rule for the userid-password tuple before it’s encoded: userid-password = [ token ] ":" *TEXT Here token is specified as follows: token = 1*<any CHAR except CTLs or tspecials> This is basically any US-ASCII character within the range of 32 to 126 but without some special characters ( ( , ) , < , > , @ , , , ; , : , \ , " , / , [ , ] , ? , = , { , } , space, and horizontal tab). And TEXT is specified as follows: TEXT = <any OCTET