HTTP Basic Authentication
Authenticate HTTP requests using HTTP Basic Auth
HTTP Basic Authentication is a simple authentication mechanism for HTTP requests where credentials are sent in the Authorization header. Radiator Server supports HTTP Basic Auth through the http-basic-auth action, which can be used to validate user credentials.
Basic Configuration
Here's a complete working example using a JSON file backend for user storage with access logging:
# HTTP server with Basic Authentication using jsonfile backend
include "%{env.RADIATOR_COMMON}/license.conf";
# Logging configuration
logging {
application {
file {
loglevel debug;
filename "<cwd>/radiator-server.log";
}
}
aaa {
logger "HTTP_LOG" {
file {
filename "<cwd>/http-server.log";
}
}
}
}
# JSON file backend for user authentication
backends {
jsonfile "USERS_DB" {
filename "<cwd>/users.json";
monitor false;
query "find_user" {
mapping {
user.username = doc | jsonpath("$.users[?(@.username == '%{aaa.identity}')].username");
user.password = doc | jsonpath("$.users[?(@.username == '%{aaa.identity}')].password");
}
}
}
}
# HTTP clients
clients {
http "API_CLIENTS" {
client "LOCAL" {
source {
ip 127.0.0.1;
ip ::1;
}
}
}
}
# HTTP server with Basic Auth
servers {
http "API_SERVER" {
listen {
protocol tcp;
ip 127.0.0.1;
port 8080;
}
clients "API_CLIENTS";
}
}
# AAA configuration
aaa {
pipeline "LOG_HTTP_REQUEST" {
log "HTTP_LOG" {
json {
"timestamp" datetime.timestamp;
"client_ip" http.client.ip;
"username" aaa.identity;
"method" http.method;
"path" http.path;
"status" http.status;
}
}
}
policy "DEFAULT" {
# Public health check - no auth required
handler "HEALTH" {
conditions all {
http.method == "GET";
http.path == "/health";
}
authentication {
modify { http.response.status = "ok"; }
accept;
}
final-authentication {
invoke "LOG_HTTP_REQUEST";
}
}
# Protected endpoint - requires Basic Auth
handler "PROTECTED" {
conditions all {
http.method == "GET";
http.path == "/api/protected";
}
authentication {
# Look up user from JSON file (aaa.identity is set from HTTP Basic Auth)
backend { name "USERS_DB"; query "find_user"; }
# Authenticate using HTTP Basic Auth (compares passwords)
http-basic-auth;
}
post-authentication {
modify {
http.response.authenticated = true;
http.response.username = aaa.identity;
http.response.message = "Welcome!";
}
accept;
}
final-authentication {
invoke "LOG_HTTP_REQUEST";
}
}
# Default handler - 404
handler "NOT_FOUND" {
authentication {
reject;
}
final-authentication {
invoke "LOG_HTTP_REQUEST";
}
}
}
}
Related Documentation
http-basic-authaction - For details on action behavior.- Backend Configuration - Loading user data from various sources
- HTTP Server Configuration - HTTP server setup
- Pipeline Directives - Using
with/do/elsefor conditional logic - jsonfile Backend - JSON file backend configuration and user data format
- Execution Context - Available context variables including HTTP variables