Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

Spring Boot WebClient – Basic Auth (username & password) in URL (401)

byMR
September 13, 2023

I am trying to consume a REST API in my Spring Boot application using WebClient.

This particular API takes basic-auth username and password as parameters in the URL, in the format http://username:password@hostname:8080/api/route.

I am currently building the full URL including username, password and route and passing it to the webclient when I am making my request, but it appears like the WebClient is not correctly sending the authentication parameters.

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

My current setup is as follows:

URI url = new URI("http://username:password@hostname:8080/api/route");

WebClient.Builder webClientBuilder = WebClient.builder()
                .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
        
WebClient webClient = webClientBuilder.build(); // I also have a customizer to add logging to the requests and responses

String requestBody = ""; // The body does not matter for this example

try {
            response = webClient.post()
            .uri(url)
            .bodyValue(requestBody)
            .retrieve()
            .bodyToMono(String.class)
            .toFuture()
            .get();
        } catch (Exception e) {
            logger.error(e.toString());
        }

I am receiving a 401 unauthorised every time I make a request using this setup. When I manually make the same request using the same URL in Postman I am able to receive an authorized response from the server. It seems to me like WebClient is stripping out the authentication parameters from the call.

I have a logging customizer (like this answer WebClient – how to get request body?) that logs the requests and response method, URI, body and headers. It is giving the URI as /api/route and the host header as host: localhost:8080. I cannot see from the output whether the authentication parameters are actually being passed to the server.

Does anyone know if there is something special I must do in order to pass authentication parameters as part of the URL in WebClient?

>Solution :

To pass basic authentication parameters in WebClient, you can use the BasicAuthenticationInterceptor class provided by Spring Security. Here’s how you can modify your code to include basic authentication:

URI url = new URI("http://hostname:8080/api/route");
String username = "username";
String password = "password";

WebClient.Builder webClientBuilder = WebClient.builder()
        .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
        .filter(basicAuthentication(username, password));

WebClient webClient = webClientBuilder.build();

String requestBody = ""; // The body does not matter for this example

try {
    String response = webClient.post()
            .uri(url)
            .bodyValue(requestBody)
            .retrieve()
            .bodyToMono(String.class)
            .block(); // Use block() instead of toFuture().get()
    
    // Process the response
} catch (Exception e) {
    logger.error(e.toString());
}
byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading