Basic Authentication in Spring WebClient

In this short post we will see how to setup Basic Authentication in Spring WebClient while invoking external APIs.

Overview

WebClient is a non-blocking HTTP client with fluent functional style API. It is part of Spring Webflux module that was introduced in Spring 5. WebClient replaces the RestTemplate to invoke external APIs with non-blocking.

WebClient provides different ways of injecting HTTP headers, query params etc while making external call. In this example we will check how to specify Basic Authentication in Webclient.

Basic Authentication in WebClient

Until Spring 5.1, basic authentication was setup using a custom ExchangeFilterFunction. This way of setting up Basic auth was only available while creating WebClient since it relies on WebClient filters.

private WebClient client = WebClient.builder()
            .filter(ExchangeFilterFunctions
                .basicAuthentication(username, token))
            .build();

Alternatively if we want to provide the Basic auth while calling the API, we have to set the Authorization header manually which is not great!

webClient.get()
            .uri("/customers")
            .header("Authorization", "Basic " + Base64Utils
                    .encodeToString((username + ":" + token).getBytes(UTF_8)))
            .retrieve()
            .bodyToFlux(String.class);

Thankfully, Spring provided some helper methods to make this easy and consistent in Spring 5.1.

Basic Authentication in Spring 5.1 and above

The above way of setting Basic authentication using custom ExchangeFilterFunction is deprecated in Spring 5.1. A new method setBasicAuth is introduced in HttpHeaders class that can be used to set basic authentication.

Below we set use defaultHeaders in WebClient builder to setup Basic auth while creating WebClient instance:

private WebClient client = WebClient.builder()
            .defaultHeaders(header -> header.setBasicAuth(userName, password))
            .build();

Alternately the basic auth can also be setup while calling any API:

Mono<String> response = client.get()
                    .url("/customers")
                    .headers(headers -> headers.setBasicAuth(userName, password))
                    .retrieve()
                    .bodyToFlux(String.class);

Two variants of setBasicAuth methods are available in HttpHeaders.

void    setBasicAuth(String username, String password)
        //Set the value of the Authorization header to Basic Authentication based on the given username and password.

void    setBasicAuth(String username, String password, Charset charset)
        //Set the value of the Authorization header to Basic Authentication based on the given username and password.

Bonus tip – Setting Bearer Token in WebClient

Similar to Basic Auth, we can also setup the Bearer token in WebClient using new method setBearerAuth in HttpHeaders class:

void    setBearerAuth(String token)
        //Set the value of the Authorization header to the given Bearer token.

The process would be exactly similar to setting up the Basic Auth.

Conclusion

The setBasicAuth method in HttpHeaders class makes it easy setting up basic authentication in WebClient Spring WebFlux. The Basic Auth can be setup while building the WebClient or alternatively during invoking APIs using get(), post() etc.

Get our Articles via Email. Enter your email address.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *