For the latest stable version, please use Spring Security 6.4.1!

Testing HTTP Basic Authentication

While it has always been possible to authenticate with HTTP Basic, it was a bit tedious to remember the header name, format, and encode the values. Now this can be done using Spring Security’s httpBasic RequestPostProcessor. For example, the snippet below:

  • Java

  • Kotlin

mvc
	.perform(get("/").with(httpBasic("user","password")))
mvc.get("/") {
    with(httpBasic("user","password"))
}

will attempt to use HTTP Basic to authenticate a user with the username "user" and the password "password" by ensuring the following header is populated on the HTTP Request:

Authorization: Basic dXNlcjpwYXNzd29yZA==