1.3 Authentication Info
The following tutorials show the different ways in which a User can provide their Credentials (Username & Password):
- Login Form (Default, Custom)
- Authentication Header (Postman - Add Header, Postman - Generate Header)
When you access any endpoint for the first time (after Application start) you are redirected to the default Login Form.
Upon successful Login two things happen, which together allow subsequent HTTP Requests without logging in again:
- A Session Object is created on the Server (it stores User data)
- A JSESSIONID Cookie is stored in your Browser (it points to that Session and is sent with every subsequent HTTP Request)
Login Form
When a User tries to access a restricted endpoint, they are redirected to the Login Form, where they can enter a Username and Password.
Spring then tries to match the entered combination of Username and Password against the stored Users.
If it finds a User with the entered Username and Password, it creates a User Object that contains that Username and Password.
Authentication Header
An HTTP Request for an Endpoint can carry an Authentication Header containing the Username and Password.
In that case the Login Form is not displayed, since Username & Password are already provided through the Authentication Header.
After extracting Username & Password from the Authentication Header, Spring proceeds as described in Login Form.