What is the replacement for deprecated BasicAuthorizationInterceptor?

Question

I am using a new BasicAuthorizationInterceptor to do the basic authentication in oauth2.0. I can't find a replacement for the deprecated BasicAuthorizationInterceptor. Please help me with it

Use the [BasicAuthenticationInterceptor](https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/http/client/support/BasicAuthenticationInterceptor.html) — Michiel, Oct 25 '19 at 06:30

score 5 · Accepted Answer · edited Dec 04 '19 at 23:57

5

Using BasicAuthenticationInterceptor worked for me.

edited Dec 04 '19 at 23:57

Baum mit Augen

49,044
25
144
182

answered Dec 04 '19 at 22:20

Mario P.

148
9

score 0 · Answer 2 · answered Apr 16 '20 at 15:04

From the BasicAuthorizationInterceptor documentation:

Deprecated as of 5.1.1, in favor of BasicAuthenticationInterceptor which reuses HttpHeaders.setBasicAuth(java.lang.String, java.lang.String), sharing its default charset ISO-8859-1 instead of UTF-8 as used here

score 0 · Answer 3 · edited Feb 21 '21 at 19:42

0

This is how solved my problem:

in favor of BasicAuthenticationInterceptor which reuses HttpHeaders.setBasicAuth(java.lang.String, java.lang.String), sharing its default charset ISO-8859-1 instead of UTF-8 as used here 1

edited Feb 21 '21 at 19:42

Andrzej Sydor

1,373
4
13
28

answered Feb 21 '21 at 05:29

José R. Pérez Sandó

1

Hi, your answer doesn't show examples and may require further details. Please check on how to write awesome answers here : https://stackoverflow.com/help/how-to-answer – Rishabh Kumar Feb 21 '21 at 06:22

score 0 · Answer 4 · answered Feb 21 '21 at 06:22

0

Using BasicAuthenticationInterceptor and also looking for the interface of ClientHttpRequestInterceptor

answered Feb 21 '21 at 06:22

Allen

88
6

score 0 · Answer 5 · answered Mar 17 '22 at 18:30

I am answering a bit late but most of the above answers say BasicAuthenticationInterceptor can be used instead of BasicAuthorizationInterceptor which is deprecated now. But if you see the implementation of both, you can find that in BasicAuthenticationInterceptor overriden intercept method as below:

  public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
        HttpHeaders headers = request.getHeaders();
        if (!headers.containsKey("Authorization")) { // adds only if no Authorization header is absent
            headers.setBasicAuth(this.encodedCredentials);
        }

        return execution.execute(request, body);
    }

where as BasicAuthorizationInterceptor has below in the overriden intercept method:

    public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
        String token = Base64Utils.encodeToString((this.username + ":" + this.password).getBytes(StandardCharsets.UTF_8));
        request.getHeaders().add("Authorization", "Basic " + token); // no condition check
        return execution.execute(request, body);
    }

so as a quick summary, BasicAuthenticationInterceptor checks if an there is a Authorzation headers and adds only if not present but BasicAuthorizationInterceptor does not have that check.

So the basic solution is to create a Custom Interceptor which you might create referencing the BasicAuthorizationInterceptor class if you wanted to add multiple Authorization headers.

More info here

What is the replacement for deprecated BasicAuthorizationInterceptor?

5 Answers5