Using grails-spring-security-rest to do HTTP Basic Authentication Token Based

0
votes

I guess if is possible to use the Grails Spring Security Rest[1] plugin in order to authentication API requests using HTTP Basic Authentication?

An example is Stripe API [2], in which the requests are authenticated using a Token send in the Username field of the HTTP Basic Authentication.

curl https://api.stripe.com/v1/charges -u sk_test_BQokikJOvBiI2HlWgH4olfQ2

curl uses the -u flag to pass basic auth credentials (adding a colon after your API key will prevent it from asking you for a password).

A sample test API key has been provided in all the examples on the page, so you can test out any example right away.

[1]http://grails.org/plugin/spring-security-rest [2]https://stripe.com/docs/api#authentication

1
grailsspring-securitygrails-pluginbasic-authentication

1 Answers

1
votes

The problem with the approach you mention is that Spring Security Core's HTTP Basic support doesn't expect to receive a token in the username. It will try to authenticate the request the configured authentication providers (eg: the DB) with an empty password.

You will have to replace RestAuthenticationFilter adding a behaviour like the one provided by BasicAuthenticationFilter. As it's Spring under the covers, you can easily replace one bean.