I have a use case for securing a RESTful service and I’m not exactly sure it can be implemented or not – essentially I would like to have both Basic and Digest authentication set up. Setting up both filters in the chain should be relatively easy, but I’m not sure on how to handle the entry point – as far as I can tell, there are 2 entry points for the 2 types of authentication, but the way it should potentially work is to call the correct entry point in case the Authorization header comes with either Basic or Digest authentication logic.
I am aware that in Spring 3.1 you can have multiple elements, but I don’t think that can help in this case, as these 2 authentication options should be supported on the same mapping, and mapping seems to be the only way that the 2 elements can be differentiated.
I am also aware of the question:
Spring Security 3.x: How can I enable both BASIC and DIGEST authentication?
But that doesn’t seem to address the question of multiple entry points.
Is there something that I am overlooking, or perhaps not fully understanding?
Any help is appreciated.
Thanks.
Eugen.
I have solved the problem – what I ended up doing was using digest authentication (filter and entrypoint) and adding the basic filter just after the digest filter in the chain. That way, for a request with authentication credentials (either basic or digest), the correct filter would pick it up. For an anonymous request, the digest entry point will commence and the client will be prompted for digest credentials.
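The arrangement described in the answer above, sketched as a Spring Security 3.1 namespace configuration. This is an added example, not the poster's actual configuration; the bean ids, realm name, nonce key, URL pattern and user entry are constructed placeholders.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- entry-point-ref: a request without credentials gets the Digest challenge -->
  <http create-session="stateless" entry-point-ref="digestEntryPoint">
    <intercept-url pattern="/**" access="ROLE_USER"/>
    <!-- Namespace-provided Basic filter (occupies the BASIC_AUTH_FILTER slot) -->
    <http-basic/>
    <!-- Digest filter goes just before it, so Basic runs right after Digest -->
    <custom-filter ref="digestFilter" before="BASIC_AUTH_FILTER"/>
  </http>

  <!-- Placeholder realm and key; use a random, secret key in a real deployment -->
  <beans:bean id="digestEntryPoint"
      class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
    <beans:property name="realmName" value="Example REST Realm"/>
    <beans:property name="key" value="REPLACE_WITH_RANDOM_NONCE_KEY"/>
  </beans:bean>

  <beans:bean id="digestFilter"
      class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
    <beans:property name="userDetailsService" ref="userService"/>
    <beans:property name="authenticationEntryPoint" ref="digestEntryPoint"/>
  </beans:bean>

  <!-- Digest needs the stored password readable (or a precomputed HA1 hash) -->
  <authentication-manager>
    <authentication-provider>
      <user-service id="userService">
        <user name="apiuser" password="REPLACE_ME" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

Each filter only acts on an `Authorization` header carrying its own scheme and otherwise passes the request down the chain, which is why a single entry point is enough for the anonymous case. Basic credentials are only base64-encoded, so this mapping should be served over TLS.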