jsonfile

The JSON file backend allows Radiator to authenticate users against a JSON-formatted text file. The JSON file can be queried using the jsonpath filter to extract user credentials and attributes.

Here's an example configuration of a JSON file backend with comments explaining each statement:

jsonfile "JSON_FILE" {
    # Path to the JSON file containing user data.
    filename "users.json";

    # Enable file monitoring for changes. Defaults to true.
    monitor true;

    # Alternatively, the JSON content can be defined directly in the configuration.
    # Not allowed if filename is used.
    content """
        {
            "users": {
                // Comments are allowed in JSON
                "alice": {
                    "username": "alice",
                    "password": "{argon2}$argon2id$v=19$m=19456,t=2,p=1$56MJ6kkHsbicXkvq6+r5dA$zY5kHLjEfJET8VT7hFV+uHcxgTE8w66Z4dYwwbZtdxw",
                    "groups": ["admin", "user"]
                },
            }, // dangling comma is allowed
        }
    """;


    # At least one query block must be defined
    query "FIND_USER" {
        # Mapping provides access to a single variable, `doc`, which is the parsed JSON document.
        mapping {
            user.username = doc | jsonpath("$.users['%{aaa.identity}'].username");
            user.password = doc | jsonpath("$.users['%{aaa.identity}'].password");
            user.group = doc | jsonpath("$.users['%{aaa.identity}'].groups[*]");

            # It is also possible to extract the user data object and filter it further in the policy.
            vars.full_userdata = doc | jsonpath("$.users['%{aaa.identity}']");
        }
    }

}

Notes

  • If `monitor` is true and the file changes to invalid JSON, the backend will keep serving the last valid content.
  • File changes to non-relevant parts, e.g. whitespace or comments, do not trigger a reload.
  • The JSON file can contain comments and dangling commas.
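
A pre-deployment check for the users file, added here as an example (it is not part of Radiator or its documentation): because the backend keeps serving the last valid content when a monitored file becomes invalid, linting an edit before it is written shows whether the change will actually load. It assumes the `users` layout and `{argon2}` hash format from the sample above and only `//` comments; `strip_relaxed`, `reject_duplicates` and `lint_users` are hypothetical names.

```python
import json
import re

STRING = r'"(?:\\.|[^"\\])*"'
# Assumed shape of the "{argon2}" + PHC string, modelled on the page's sample entry.
ARGON2 = re.compile(r"\{argon2\}\$argon2(id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+(\$[A-Za-z0-9+/]+){2}")

def strip_relaxed(text):
    """Drop // comments, then dangling commas, leaving string literals untouched."""
    keep = lambda m: m.group(1) or ""
    text = re.sub(rf"({STRING})|//[^\n]*", keep, text)
    return re.sub(rf"({STRING})|,(?=\s*[}}\]])", keep, text)

def reject_duplicates(pairs):
    """object_pairs_hook: a repeated key makes the winning entry parser-dependent."""
    keys = [k for k, _ in pairs]
    repeated = sorted({k for k in keys if keys.count(k) > 1})
    if repeated:
        raise ValueError(f"duplicate keys {repeated}")
    return dict(pairs)

def lint_users(text):
    """Return findings for a users document; an empty list means it passed."""
    try:
        users = json.loads(strip_relaxed(text), object_pairs_hook=reject_duplicates)["users"].items()
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        return [f"unusable document: {exc}"]
    findings = []
    for key, u in users:
        u = u if isinstance(u, dict) else {}
        groups = u.get("groups")
        checks = {
            "username differs from lookup key": u.get("username") == key,
            "password is not an {argon2} hash": bool(ARGON2.fullmatch(str(u.get("password")))),
            "groups is not a list of strings":
                isinstance(groups, list) and all(isinstance(g, str) for g in groups),
        }
        findings += [f"{key}: {msg}" for msg, ok in checks.items() if not ok]
    return findings

# Constructed sample: "alice" is the page's entry, "bob" is deliberately malformed.
SAMPLE = """{ "users": {
    // comments and dangling commas, as the backend allows
    "alice": {"username": "alice", "groups": ["admin", "user"],
              "password": "{argon2}$argon2id$v=19$m=19456,t=2,p=1$56MJ6kkHsbicXkvq6+r5dA$zY5kHLjEfJET8VT7hFV+uHcxgTE8w66Z4dYwwbZtdxw"},
    "bob": {"username": "bobby", "password": "hunter2", "groups": "user",},
}, }"""
if __name__ == "__main__":
    print("\n".join(lint_users(SAMPLE)) or "ok")
```

The `username` check matters for this layout because the queries look the entry up by `%{aaa.identity}` but return the stored `username` field, so a mismatch would hand the policy a different name than the one that authenticated.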