Aeturnum
Published in

Aeturnum

Basic authentication for Springboot REST API application with HandlerInterceptor

This post will show you how to authenticate the Springboot REST API application using basic authentication. To do this process I’m going to use a HandlerInterceptor class provided by the spring framework.

To learn more about HandlerInterceptor behavior please visit my previous post from here. Also please visit here to get the full code example.

Overview

Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username: password. To explain this process I’m going to use 2 controllers called Create Employee and Retrieve Employee.

Example URL format:
http://testUser:CMbk5083@localhost:8080/employee-service/employees/add

This user name and password coming as a header value and its base64 encoded value (Ex: Basic dGVzdFVzZXI6Q01iazUwODM=). In the back end, we are validating the UN and PWD after decoding this value.
In the industry most of the time, we are using this authentication method for callback authentication.
Please refer to the following sequence diagrams to get a better idea of this process.

Technologies

Java 1.8
Maven 3.6.1
Springboot 2.2.7.RELEASE
spring-boot-starter-web
MongoDB
log4j

Project Structure

Project structure

First, we have to double-check our controller endpoints are working fine. We can use Postman or any other third-party tool to execute endpoints.

STEP 1: Maven dependency (POM.xml).

Springboot web dependency for HandlerInterceptorAdapter

Please visit pom.xml to see the completed version.

STEP 2: Add customized Interceptor class.

Here we are using HandlerInterceptorAdapter class to make our custom Interceptor class called EmployeeSecurityInterceptor.Since we are only going to validate application credentials, inside of the overridden preHandle() method. Also, we have overridden postHandle() method with some logs.

In this preHandle() method we are doing a couple of things like,
- Grab basic header value from the request header object.
- Call the AuthService module to validate the header value.
- Set response status according to validity.

EmployeeSecurityInterceptor

Please go through EmployeeSecurityInterceptor class, I have explained each step in the comment section. To learn more about HandlerInterceptor behavior please visit my previous post from here.

STEP 3: Configuration.

Here we are going to add a configuration class for the Spring MVC configuration since we need to bind our custom Interceptor (EmployeeSecurityInterceptor) class with Spring MVC.
Here we have a class called SpringMVCConfig and it’s overridden by WebMvcConfigurer provided by the Spring framework.

SpringMVCConfig.java

STEP 4: Service layer changes.

Here I have introduced a couple of classes to act as an auth service module. Inside of this service layer, we are going to validating the base64 encoded header value with application credentials.
Please visit AuthServiceImpl to see the full implementation.

AuthService.java
AuthServiceImpl.java

STEP 5: Testing

Once you are done with the changes you can test both endpoints using Postman.

If the validation method returns TRUE, then the request will redirect to the controller endpoint according to the URI with a 200 (OK ) status.
If it returns FALSE, then it will throw an error with 401(UN-AUTHORIZED) status.

Example :

Authentication Success Response

With a valid user name and password

Authentication Failed Response

With a valid user name and invalid password

Note ***
Rather than using a user name and password like this http://testUser:CMbk5083@localhost:8080/employee-service/employees/add, you can use the following options in the Postman.

  1. Set as a User name and password in the Authorization tab.
User name and password

2. Set ‘Authorization’ header value as Bas64 encoded value

First, you have to convert username:password into base64 encoded value and add a prefix called “Basic”.

Base64 encoded header value

Please visit a completed version from here and I have explained every possible step in the comment section. Please leave a comment if you have concerns or questions.

--

--

--

Aeturnum is a software services organization based in Boston, USA

Recommended from Medium

even a resurgence of the coronavirus later this year and next

Deployment flow at Docplanner

Resources: Here’s What We Did in 2 Weeks of Home Quarantine

Learn from Home TinkerHub

3 reasons because your big company isn’t efficient enough

You Don’t Have to Migrate to Python 3

Employee Spotlight: Lucy Hoag

10 Critical Considerations for Cloud-Based ECM part-1

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chanaka MBK

Chanaka MBK

Experienced Software Engineer with a demonstrated history of working in the information technology and services industry. Skilled in JAVA,Spring Boot, Angular.

More from Medium

Dropbox Api Short-Lived tokens and refresh tokens — Spring + Java Application

How to Deploy SpringBoot App to Elastic Beanstalk Using Github Actions CI/CD

Spring boot micro service complete setup framework

Marshaling and Unmarshaling XML using JAXB