In this tutorial, we will discuss the difference between Spring Security provided built-in basic authentication and form-based authentication.
Difference Between Basic Authentication and Form Based Authentication
Although both Basic Authentication and Form-Based Authentication use a username and password to authenticate a client, there is a difference between how they both work and how Spring Security implements them.
1. Basic Authentication uses an HTTP header in order to provide the username and password when making a request to a server. For example:
Form-based authentication uses standard HTML form (Login Form) fields to pass the username and password values to the server via a POST request. For example:
2. Basic Authentication DO NOT use cookies, hence there is no concept of a session or logging out a user, which means each request has to carry that header in order to be authenticated.
In Form-based authentication, the server validates the credentials provided and creates a “session” tied to a unique token stored in a cookie and passed between the client and the server on each http request. If the cookie is invalid or the user is logged out, the server then usually redirects to a login page.
Check out the Complete Spring Security Basic Authentication Example
Check out the Complete Spring Security Form-Based Authentication Example
Related Tutorials
Free Spring Boot Tutorial | Full In-depth Course | Learn Spring Boot in 10 Hours
Watch this course on YouTube at Spring Boot Tutorial | Fee 10 Hours Full Course