This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.3.4!

Testing HTTP Basic Authentication

While it has always been possible to authenticate with HTTP Basic, it was a bit tedious to remember the header name, format, and encode the values. Now this can be done using Spring Security’s httpBasic RequestPostProcessor. For example, the snippet below:

  • Java

  • Kotlin

mvc
	.perform(get("/").with(httpBasic("user","password")))
mvc.get("/") {
    with(httpBasic("user","password"))
}

will attempt to use HTTP Basic to authenticate a user with the username "user" and the password "password" by ensuring the following header is populated on the HTTP Request:

Authorization: Basic dXNlcjpwYXNzd29yZA==