Module: WEBrick::HTTPAuth

Defined in:: lib/webrick/httpauth.rb,
lib/webrick/httpauth/userdb.rb,
lib/webrick/httpauth/htgroup.rb,
lib/webrick/httpauth/htdigest.rb,
lib/webrick/httpauth/htpasswd.rb,
lib/webrick/httpauth/basicauth.rb,
lib/webrick/httpauth/digestauth.rb,
lib/webrick/httpauth/authenticator.rb

Overview

HTTPAuth provides both basic and digest authentication.

To enable authentication for requests in WEBrick you will need a user database and an authenticator. To start, here’s an Htpasswd database for use with a DigestAuth authenticator:

config = { :Realm => 'DigestAuth example realm' }

htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
htpasswd.auth_type = WEBrick::HTTPAuth::DigestAuth
htpasswd.set_passwd config[:Realm], 'username', 'password'
htpasswd.flush

The :Realm is used to provide different access to different groups across several resources on a server. Typically you’ll need only one realm for a server.

This database can be used to create an authenticator:

config[:UserDB] = htpasswd

digest_auth = WEBrick::HTTPAuth::DigestAuth.new config

To authenticate a request call #authenticate with a request and response object in a servlet:

def do_GET req, res
  @authenticator.authenticate req, res
end

For digest authentication the authenticator must not be created every request, it must be passed in as an option via WEBrick::HTTPServer#mount.

Defined Under Namespace

Modules: Authenticator, ProxyAuthenticator, UserDB Classes: BasicAuth, DigestAuth, Htdigest, Htgroup, Htpasswd, ProxyBasicAuth, ProxyDigestAuth

Class Method Summary collapse

._basic_auth(req, res, realm, req_field, res_field, err_type, block) ⇒ Object
.basic_auth(req, res, realm, &block) ⇒ Object

Simple wrapper for providing basic authentication for a request.
.proxy_basic_auth(req, res, realm, &block) ⇒ Object

Simple wrapper for providing basic authentication for a proxied request.

Class Method Details

._basic_auth(req, res, realm, req_field, res_field, err_type, block) ⇒ `Object`

# File 'lib/webrick/httpauth.rb', line 56

def _basic_auth(req, res, realm, req_field, res_field, err_type,
                block) # :nodoc:
  user = pass = nil
  if /^Basic\s+(.*)/o =~ req[req_field]
    userpass = $1
    user, pass = userpass.unpack("m*")[0].split(":", 2)
  end
  if block.call(user, pass)
    req.user = user
    return
  end
  res[res_field] = "Basic realm=\"#{realm}\""
  raise err_type
end

.basic_auth(req, res, realm, &block) ⇒ `Object`

Simple wrapper for providing basic authentication for a request. When called with a request req, response res, authentication realm and block the block will be called with a username and password. If the block returns true the request is allowed to continue, otherwise an HTTPStatus::Unauthorized error is raised.

# File 'lib/webrick/httpauth.rb', line 78

def basic_auth(req, res, realm, &block) # :yield: username, password
  _basic_auth(req, res, realm, "Authorization", "WWW-Authenticate",
              HTTPStatus::Unauthorized, block)
end

.proxy_basic_auth(req, res, realm, &block) ⇒ `Object`

Simple wrapper for providing basic authentication for a proxied request. When called with a request req, response res, authentication realm and block the block will be called with a username and password. If the block returns true the request is allowed to continue, otherwise an HTTPStatus::ProxyAuthenticationRequired error is raised.

# File 'lib/webrick/httpauth.rb', line 90

def proxy_basic_auth(req, res, realm, &block) # :yield: username, password
  _basic_auth(req, res, realm, "Proxy-Authorization", "Proxy-Authenticate",
              HTTPStatus::ProxyAuthenticationRequired, block)
end