bilal - 4 years ago
Java Question

Spring Security Rest Basic authentication

I'm working with Spring Security 4 XML-based configuration.

This is my configuration:

    <security:http use-expressions="true" authentication-manager-ref="authenticationManager" entry-point-ref="authenticationEntryPoint">
        <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
        <security:form-login authentication-success-handler-ref="authenticationSuccessHandler"/>
        <security:logout success-handler-ref="logoutSuccessHandler"/>
        <security:csrf disabled="true"/>
    </security:http>

    <security:authentication-manager id="authenticationManager">
        <security:authentication-provider>
            <security:user-service>
                <security:user name="username" authorities="ROLE_USER" password="password"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="authenticationEntryPoint" class="package.CustomBasicAuthenticationEntryPoint"/>

CustomBasicAuthenticationEntryPoint has the following implementation:

    public class CustomBasicAuthenticationEntryPoint implements AuthenticationEntryPoint {
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
            // ...
        }
    }


The problem is when I try to authenticate:

with body:

I always get a 401 error status because of my custom entry point. It seems to me that Spring Security is not calling the authentication-manager. Am I missing something?

Thanks for helping.


Thanks for your answers. I've been working with Spring Security 3.2; I changed j_username, j_password and j_spring_security_check to username, password and login. I still have the same problem: a 401 status code. Spring Security is calling the custom authenticationEntryPoint even when I try to authenticate using a form (POST).

Answer Source

In my web.xml file, the url-pattern for the Spring Security filter chain is: /api/*

I had to add the same url-pattern to the login-processing-url: "/api/" in my configuration file (login-form) to make it work:


Thanks for your answers.
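
The mismatch the answer describes, as an added configuration sketch (not the poster's actual files): the filter chain is mapped to /api/*, and Spring Security compares login-processing-url with the request path inside the application, so the default processing URL never matches a login POST sent under /api/ and the request falls through to the entry point. The path /api/login is an assumed value for illustration; the page shows only the /api/ prefix.

```xml
<!-- web.xml: the Spring Security filter chain only sees requests under /api/ -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/api/*</url-pattern>
</filter-mapping>

<!-- Security config, before: login-processing-url is left at its default
     (/login in Spring Security 4). A POST to /api/login does not match it,
     so it is handled as an unauthenticated request to a protected URL and
     the custom entry point answers 401. -->
<security:form-login authentication-success-handler-ref="authenticationSuccessHandler"/>

<!-- Security config, after: the processing URL sits under the filter mapping.
     "/api/login" is an assumed value, not taken from the page. -->
<security:form-login login-processing-url="/api/login"
                     authentication-success-handler-ref="authenticationSuccessHandler"/>
```

With the corrected setting, the login form must POST to the same path, using the parameter names username and password mentioned in the question's update.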
