I have configured a form-base authentication using Spring security. It works fine when I log in using the login form in my web application.

It also works with cURL:

curl --data "j_username=myname&j_password=mypassword" http://localhost:8080/test/j_spring_security_check --verbose

However, I cannot make it works using Postman:

What is missing? I need to be authenticated in order to test other services.

Finally I managed making Postman aware of authentication by using the Postman Interceptor chrome extension

With the extension enabled (by clicking the satellite icon within the Postman App), you just need to log in using the login form of your web and then you can start using services that require authentication in Postman.

You can achieve authentication/authorization in postman through various authorization types given in postman dropdown under Authorization tab.

Below is the step to use Basic Auth which by default spring security provides.

In spring security you can customize your credentials in application.properties file as given below.

spring.security.user.name=yer spring.security.user.password=galem

Using http.httpBasic worked for me.

http.httpBasic()
    .and()
    .authorizeRequests()
    .antMatchers("/api/home")
    .hasRole("ADMIN")
    .antMatchers("/api/product/*")
    .hasRole("ADMIN")
    .and()
    .formLogin();

When using basic auth on postman, you will set the credentials on the authorization tab. Click on Authorization, choose the type as Basic Auth, the credentials section will be displayed for you to key in the username and password.