Testing spring security with Postman

Question

I have configured a form-base authentication using Spring security. It works fine when I log in using the login form in my web application.

It also works with cURL:

Answer 1

Using http.httpBasic worked for me.

http.httpBasic()
    .and()
    .authorizeRequests()
    .antMatchers("/api/home")
    .hasRole("ADMIN")
    .antMatchers("/api/product/*")
    .hasRole("ADMIN")
    .and()
    .formLogin();

Answer 2

When using basic auth on postman, you will set the credentials on the authorization tab. Click on Authorization, choose the type as Basic Auth, the credentials section will be displayed for you to key in the username and password.

Answer 3

Finally I managed making Postman aware of authentication by using the Postman Interceptor chrome extension

With the extension enabled (by clicking the satellite icon within the Postman App), you just need to log in using the login form of your web and then you can start using services that require authentication in Postman.

Answer 4

You can achieve authentication/authorization in postman through various authorization types given in postman dropdown under Authorization tab.

Below is the step to use Basic Auth which by default spring security provides.

In spring security you can customize your credentials in application.properties file as given below.

spring.security.user.name=yer spring.security.user.password=galem