Extended maintenance of Ruby 1.9.3 ended on February 23, 2015. Read more

In Files

  • webrick/httpauth/basicauth.rb

Class/Module Index [+]

Quicksearch

WEBrick::HTTPAuth::BasicAuth

Basic Authentication for WEBrick

Use this class to add basic authentication to a WEBrick servlet.

Here is an example of how to set up a BasicAuth:

config = { :Realm => 'BasicAuth example realm' }

htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
htpasswd.set_passwd config[:Realm], 'username', 'password'
htpasswd.flush

config[:UserDB] = htpasswd

basic_auth = WEBrick::HTTPAuth::BasicAuth.new config

Constants

AuthScheme

Attributes

logger[R]
realm[R]
userdb[R]

Public Class Methods

make_passwd(realm, user, pass) click to toggle source

Used by UserDB to create a basic password entry

 
               # File webrick/httpauth/basicauth.rb, line 42
def self.make_passwd(realm, user, pass)
  pass ||= ""
  pass.crypt(Utils::random_string(2))
end
            
new(config, default=Config::BasicAuth) click to toggle source

Creates a new BasicAuth instance.

See WEBrick::Config::BasicAuth for default configuration entries

You must supply the following configuration entries:

:Realm

The name of the realm being protected.

:UserDB

A database of usernames and passwords. A WEBrick::HTTPAuth::Htpasswd instance should be used.

 
               # File webrick/httpauth/basicauth.rb, line 60
def initialize(config, default=Config::BasicAuth)
  check_init(config)
  @config = default.dup.update(config)
end
            

Public Instance Methods

authenticate(req, res) click to toggle source

Authenticates a req and returns a 401 Unauthorized using res if the authentication was not correct.

 
               # File webrick/httpauth/basicauth.rb, line 69
def authenticate(req, res)
  unless basic_credentials = check_scheme(req)
    challenge(req, res)
  end
  userid, password = basic_credentials.unpack("m*")[0].split(":", 2)
  password ||= ""
  if userid.empty?
    error("user id was not given.")
    challenge(req, res)
  end
  unless encpass = @userdb.get_passwd(@realm, userid, @reload_db)
    error("%s: the user is not allowed.", userid)
    challenge(req, res)
  end
  if password.crypt(encpass) != encpass
    error("%s: password unmatch.", userid)
    challenge(req, res)
  end
  info("%s: authentication succeeded.", userid)
  req.user = userid
end
            
challenge(req, res) click to toggle source

Returns a challenge response which asks for for authentication information

 
               # File webrick/httpauth/basicauth.rb, line 95
def challenge(req, res)
  res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\""
  raise @auth_exception
end
            

Commenting is here to help enhance the documentation. For example, code samples, or clarification of the documentation.

If you have questions about Ruby or the documentation, please post to one of the Ruby mailing lists. You will get better, faster, help that way.

If you wish to post a correction of the docs, please do so, but also file bug report so that it can be corrected for the next release. Thank you.

If you want to help improve the Ruby documentation, please visit Documenting-ruby.org.