spring http-basic

may i know can we specify url for http-basic so that only authentica开发者_开发问答te if go to particular page? example login.jsp ? i do not want to use form login.

The Spring approach:

<security:http>
    <security:http-basic></security:http-basic>
    <security:intercept-url method="POST" pattern="/mypage.jsp" access="ROLE_USER" />
</security:http>

As you see, at the intercept-url element you can define the resources under access control. It has an attribute pattern where you can define the url pattern (admiting wildcards) of such resources.

You can do it by configuration of your web application, whether you are using spring or not.

Configuring Security in Web Applications

The resources on wich you are going to apply the security constraint are specified at the "security-constrant" element of the web.xml deployment descriptor. By example:

<security-constraint>
     <web-resource-collection>
          <web-resource-name>SecureOrdersEast</web-resource-name>
          <description>
             Security constraint for
             resources in the orders/east directory
          </description>
          <url-pattern>/orders/east/*</url-pattern>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
     </web-resource-collection>
     <auth-constraint>
          <description>
           constraint for east coast sales
          </description>
          <role-name>east</role-name>
          <role-name>manager</role-name>
     </auth-constraint>
     <user-data-constraint>
          <description>SSL not required</description>
          <transport-guarantee>NONE</transport-guarantee>
     </user-data-constraint>
</security-constraint>

And, to define the Auth method as BASIC, you have to define it also at the web.xml file, in a login-config element:

<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

At the login-config you can also define the login realm, and other options. You can find more information at web.xml Deployment Descriptor Elements: login-config.

Instead of using <security:http-basic>, you could define your own filters and use appropriately. For instance

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <security:filter-chain pattern="/login.jsp"        filters="formExceptionTranslationFilter"/>
        <security:filter-chain pattern="/login2.jsp"        filters="basicProcessingFilter"/>
    </security:filter-chain-map>
</bean>