使用基本身份验证配置 Spring Boot 的嵌入式 tomcat 容器

Question

I am using Spring Boot 1.5.7, without Spring Security. My objective is to experiment with the embedded tomcat container and enable basic authn.

Here is what I have:

@Bean
public EmbeddedServletContainerFactory servletContainer() {
    final TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
    tomcat.addContextCustomizers(ctx -> {
        String AUTH_ROLE = "admin";
        LoginConfig config = new LoginConfig();
        config.setAuthMethod("BASIC");
        ctx.setLoginConfig(config);
        ctx.addSecurityRole(AUTH_ROLE);
        SecurityConstraint constraint = new SecurityConstraint();
        constraint.addAuthRole(AUTH_ROLE);
        SecurityCollection collection = new SecurityCollection();
        collection.addPattern("/*");
        constraint.addCollection(collection);
        ctx.addConstraint(constraint);
    });

    return tomcat;
}

This does not seem to have any effect. Is this sort of thing possible with Spring Boot programmatically, or could it only be done via the likes of web.xml?

PS: There are any number of posts on Stackoverflow detailing various solutions and alternatives that involve the Spring Security project. I should re-emphasize here that I would like to learn if there is a way to solve this without involving that library.

Answer 1

Your configuration is good, but you need to add a Basic authenticator valve to the factory:

 final TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
    tomcat.addContextValves(new BasicAuthenticator());
    tomcat.addContextCustomizers(....

Answer 2

@misagh moayyed, where do you have the users defined? I am trying to utilize embedded tomcat authentication and I do get the basic auth prompt but the credentials I pass are not valid.