may i know can we specify url for http-basic so that only authenticate if go to particular page? example login.jsp ? i do not want to use form login.
You can do it by configuration of your web application, whether you are using spring or not.
Configuring Security in Web Applications
The resources on wich you are going to apply the security constraint are specified at the "security-constrant" element of the web.xml
deployment descriptor. By example:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureOrdersEast</web-resource-name>
<description>
Security constraint for
resources in the orders/east directory
</description>
<url-pattern>/orders/east/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>
constraint for east coast sales
</description>
<role-name>east</role-name>
<role-name>manager</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
And, to define the Auth method as BASIC, you have to define it also at the web.xml
file, in a login-config element:
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
At the login-config you can also define the login realm, and other options. You can find more information at web.xml Deployment Descriptor Elements: login-config.
The Spring approach:
<security:http>
<security:http-basic></security:http-basic>
<security:intercept-url method="POST" pattern="/mypage.jsp" access="ROLE_USER" />
</security:http>
As you see, at the intercept-url element you can define the resources under access control. It has an attribute pattern where you can define the url pattern (admiting wildcards) of such resources.
Instead of using <security:http-basic>
, you could define your own filters and use appropriately. For instance
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/login.jsp" filters="formExceptionTranslationFilter"/>
<security:filter-chain pattern="/login2.jsp" filters="basicProcessingFilter"/>
</security:filter-chain-map>
</bean>