Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-12 07:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish gh-16280

Browse Source
This commit is contained in:
Steve Riesenberg 2025-03-20 15:43:53 -05:00
parent 21fb5f92cf
commit eb510ab59d
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc
View File

@ -24,11 +24,9 @@ The `RequestCache` is typically a `NullRequestCache` that does not save the requ
[NOTE]
====
The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when
the request was made with a `X-Requested-By: XMLHttpRequest` header. This allows frontends to implement their own
authentication code, instead of triggering the browser login dialog.
To override, implement your own
javadoc:org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint[] .
The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when the request was made with a `X-Requested-By: XMLHttpRequest` header.
This allows frontends to implement their own authentication code, instead of triggering the browser login dialog.
To override, implement your own javadoc:org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint[].
====
When a client receives the `WWW-Authenticate` header, it knows it should retry with a username and password.