Basic authentication is one of the simplest and thus the least secure authentication mechanism. It sends a combined string, which contains username and password encoded with base64 encoding, inside a special HTTP header. Password and username can be very easily discovered, if the HTTP request is intercepted by an attacker. On the other hand, if a request goes through using the HTTPS protocol, then header discovery is less likely to happen. The combination of HTTPS and basic authentication makes a rather popular choice as a starting security scheme for web services.
In this recipe, we will demonstrate how to use the HTTPBuilder library, which we already covered in previous recipes (for example, the Issuing a SOAP request and parsing a response recipe), to achieve the basic request authentication.
The following steps present how simple it is to inject basic authentication credentials into your requests:
- First of all we need to create an instance of
HTTPBuilderpointing to our service URL:def service = new HTTPBuilder('https://localhost:5000/') - Username (
groovy) and password (cookbook) values can be set in the following way:service.auth.basic('groovy', 'cookbook') - At this point, you can construct HTTP requests to the secured web service as follows:
def response = service.get(path: 'secret-service')