Basic authentication in Spring Boot

Today we want to present a very simple mechanism for securing your API: basic authentication, described in this RFC.

The implementation is very simple: a servlet filter that intercepts calls, reads the authentication header, decodes it and compares it with the value set in the properties file.

As always, we have created a complete implementation of this mechanism in a demo Spring Boot application that you can check out here.
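A sketch of the kind of filter described above, added here as an illustration and not taken from the demo application. It assumes Spring Boot 3 (jakarta.servlet; on Spring Boot 2 the package is javax.servlet); the class name and the property api.basic-auth.credentials, holding user:password, are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Added illustration; class and property names are hypothetical.
@Component
public class BasicAuthFilter extends OncePerRequestFilter {
    private static final String SCHEME = "Basic ";
    private final byte[] expected; // "user:password" from application.properties

    public BasicAuthFilter(@Value("${api.basic-auth.credentials}") String credentials) {
        this.expected = credentials.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        if (isAuthorized(request.getHeader(HttpHeaders.AUTHORIZATION))) {
            chain.doFilter(request, response);
            return;
        }
        // Tell the client which scheme to use; never echo the submitted credentials.
        response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"api\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    boolean isAuthorized(String header) {
        // Missing header or a scheme other than Basic is rejected outright.
        if (header == null || !header.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            return false;
        }
        try {
            byte[] supplied = Base64.getDecoder().decode(header.substring(SCHEME.length()).trim());
            // Constant-time comparison avoids leaking how many leading bytes matched.
            return MessageDigest.isEqual(supplied, expected);
        } catch (IllegalArgumentException malformedBase64) {
            return false; // not valid Base64: treat as unauthenticated
        }
    }
}
```

Because the credentials are only Base64-encoded in the header, the check is only meaningful when the endpoint is served over HTTPS.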

You know that we love Swagger UI as a way to test our APIs. The example we provide comes with the input label for the authentication header.

Possible improvements to this mechanism:

  • store the authentication key in AWS KMS
  • add HTTPS support to your endpoint, as described here.

Don’t forget to share your thoughts with us by adding a comment on this post!

Happy cloud computing!