In the last article, you have learned how to enable Http basic authentication in Spring security-based Java application, and now we'll go one step further to understand how exactly http basic authentication works in Spring security. If you remember, when you use HTTP Basic for authentication purposes, the client, like a browser or a rest client sends login credentials in the http request header. The header is aptly named "Authorization," and it contains a Base64 encoded string, which is created by concatenating username and password using a colon. For example, if the username is "johnsmith" and the password is "JOHN3214" then they will be concatenated as "johnsmith:JOHN3214" before encoded using base 64 encoding algorithms.