The http authentication handler can use different authentication plug-ins for processing http authentication requests.
Currently it only supports BASIC authentication. Therefore it is recommended to offer this only for https connections as otherwise the user name and password is transferred clear text over the network.
The http authentication handler is configured as follows:
In order to activate the http authentication handler the extension library must be loaded according to extension library configuration.
<EXTLIBS>
<LIB>httpauth</LIB>
</EXTLIBS>
The http authentication handler is activated according to the Host handler configuration specifying HTTPAUTH for the NAME attribute.
Its configuration is introduced by the AUTHENTICATE tag.
<HANDLER TYPE="AUTH" NAME="HTTPAUTH">
<AUTHENTICATE TYPE="BASIC" REALM="MYREALM" PROVIDER="AUTHPLUGIN" >
<APPLYFORMETHOD>POST</APPLYFORMETHOD>
<AUTHPLUGIN>
...authentication plug in specific configuration
</AUTHPLUGIN>
</AUTHENTICATE>
</HANDLER>
The AUTHENTICATE tag comprises three attributes:
The TYPE attribute specifies the type of the authentication protocol to use in the request handler. Currently only BASIC authentication is provided.
The REALM attribute specifies the name for the realm which is announced to the client.
The actual authentication check is performed via authentication plug-ins. The PROVIDER attribute specifies the name of the authentication plug-in to use.
The provider specific configuration is introduced by a tag that is named as the provider name specified. Please see the actual authentication plug-ins for detailed information.
The authentication scope can be restricted to certain methods. If a method is specified the authentication check is only applied for the methods listed. ALL other methods will not require a authentication.
If no authentication method is specified all methods will require authentication.
<APPLYFORMETHOD>POST</APPLYFORMETHOD>
<APPLYFORMETHOD>PUT</APPLYFORMETHOD>
<APPLYFORMETHOD>GET</APPLYFORMETHOD>