Can basic auth be used in conjunction with X.509 certificate mutual authentication in a Spring Boot 2 app?

In my WebSecurityConfig I have this:

    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().authenticated()
            .and()
            .httpBasic()
            .and()
            .x509();
    }

I supply the client certificate via Postman and include the basic authorization username and password. I get a successful response.

When I remove the basic auth username and password I still get a successful response when I would have expected an error, so I'm guessing basic auth gets ignored when x509 is specified?

Thanks,

Hurricane
  • If you mean by *conjunction* a logical "and", then the answer is no. If you mean a logical "or", then the answer is yes. – dur Oct 13 '18 at 09:01
  • @dur thanks for the reply. I meant logical "and". I guess I might be able to achieve what I want via an interceptor. This could access the "Authorization" header, decode and extract the username and password. I could then figure out how to compare these details with the "inMemoryAuthentication" user details which have been set up. – Hurricane Oct 13 '18 at 16:58

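One way to get the logical "and" discussed in the comments, as an added example that is not part of the original thread: a servlet filter that lets a request through only when the container saw a client certificate and the Basic credentials authenticate against the configured users. The class name `CertAndBasicFilter`, the realm string and the wiring shown in the comment are assumptions, as is the server validating client certificates at the TLS layer (for example with `server.ssl.client-auth=need`).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter (added example). Assumed wiring in configure(HttpSecurity), instead of .httpBasic()/.x509():
//   http.authorizeRequests().anyRequest().authenticated().and()
//       .addFilterBefore(new CertAndBasicFilter(authenticationManager()), BasicAuthenticationFilter.class);
public class CertAndBasicFilter extends OncePerRequestFilter {
    private final AuthenticationManager authManager; // backed by the inMemoryAuthentication users
    public CertAndBasicFilter(AuthenticationManager authManager) { this.authManager = authManager; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        if (hasClientCert(req) && basicCredentialsValid(req.getHeader("Authorization"))) {
            chain.doFilter(req, res);
            return;
        }
        SecurityContextHolder.clearContext(); // fail closed: either factor missing or wrong
        res.setHeader("WWW-Authenticate", "Basic realm=\"Realm\"");
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    private static boolean hasClientCert(HttpServletRequest req) {
        // Set by the servlet container when the TLS handshake carried a client certificate.
        Object certs = req.getAttribute("javax.servlet.request.X509Certificate");
        return certs instanceof X509Certificate[] && ((X509Certificate[]) certs).length > 0;
    }

    private boolean basicCredentialsValid(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        try {
            String pair = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // -1 makes substring throw; caught below
            SecurityContextHolder.getContext().setAuthentication(authManager.authenticate(
                    new UsernamePasswordAuthenticationToken(pair.substring(0, colon), pair.substring(colon + 1))));
            return true;
        } catch (RuntimeException e) { return false; } // bad Base64, no colon, or AuthenticationException
    }
}
```

The filter does not tie the certificate subject to the Basic username; add that comparison if each certificate should map to exactly one account.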