Difference Between Basic Authentication and Form Based Authentication

In this tutorial, we will discuss the difference between Spring Security provided built-in basic authentication and form-based authentication.

Difference Between Basic Authentication and Form Based Authentication

Although both Basic Authentication and Form-Based Authentication use a username and password to authenticate a client, there is a difference between how they both work and how Spring Security implements them.

1. Basic Authentication uses an HTTP header in order to provide the username and password when making a request to a server. For example:

Form-based authentication uses standard HTML form (Login Form) fields to pass the username and password values to the server via a POST request. For example:

2. Basic Authentication DO NOT use cookies, hence there is no concept of a session or logging out a user, which means each request has to carry that header in order to be authenticated.

In Form-based authentication, the server validates the credentials provided and creates a “session” tied to a unique token stored in a cookie and passed between the client and the server on each http request. If the cookie is invalid or the user is logged out, the server then usually redirects to a login page.

Check out the Complete Spring Security Basic Authentication Example

Check out the Complete Spring Security Form-Based Authentication Example

Related Tutorials

Free Spring Boot Tutorial | Full In-depth Course | Learn Spring Boot in 10 Hours


Watch this course on YouTube at Spring Boot Tutorial | Fee 10 Hours Full Course