HTTP Basic Authentication
Authenticate HTTP requests using HTTP Basic Auth
HTTP Basic Authentication is a simple authentication mechanism for HTTP requests where credentials are sent in the Authorization header. Radiator Server supports HTTP Basic Auth through the http-basic-auth action, which can be used to validate user credentials.
Basic Configuration
Here's a complete working example using a JSON file backend for user storage with access logging:
# HTTP server with Basic Authentication using jsonfile backend
include "%{env.RADIATOR_COMMON}/license.conf";

# Logging configuration
logging {
    application {
        file {
            loglevel debug;
            filename "<cwd>/radiator-server.log";
        }
    }
    aaa {
        logger "HTTP_LOG" {
            file {
                filename "<cwd>/http-server.log";
            }
        }
    }
}

# JSON file backend for user authentication
backends {
    jsonfile "USERS_DB" {
        filename "<cwd>/users.json";
        monitor false;
        query "find_user" {
            mapping {
                user.username = doc | jsonpath("$.users[?(@.username == '%{aaa.identity}')].username");
                user.password = doc | jsonpath("$.users[?(@.username == '%{aaa.identity}')].password");
            }
        }
    }
}

# HTTP clients
clients {
    http "API_CLIENTS" {
        client "LOCAL" {
            source {
                ip 127.0.0.1;
                ip ::1;
            }
        }
    }
}

# HTTP server with Basic Auth
servers {
    http "API_SERVER" {
        listen {
            protocol tcp;
            ip 127.0.0.1;
            port 8080;
        }
        clients "API_CLIENTS";
    }
}

# AAA configuration
aaa {
    pipeline "LOG_HTTP_REQUEST" {
        log "HTTP_LOG" {
            json {
                "timestamp" datetime.timestamp;
                "client_ip" http.client.ip;
                "username" aaa.identity;
                "method" http.method;
                "path" http.path;
                "status" http.status;
            }
        }
    }

    policy "DEFAULT" {
        # Public health check - no auth required
        handler "HEALTH" {
            conditions all {
                http.method == "GET";
                http.path == "/health";
            }
            authentication {
                modify { http.response.status = "ok"; }
                accept;
            }
            final-authentication {
                invoke "LOG_HTTP_REQUEST";
            }
        }

        # Protected endpoint - requires Basic Auth
        handler "PROTECTED" {
            conditions all {
                http.method == "GET";
                http.path == "/api/protected";
            }
            authentication {
                # Look up user from JSON file (aaa.identity is set from HTTP Basic Auth)
                backend { name "USERS_DB"; query "find_user"; }
                # Authenticate using HTTP Basic Auth (compares passwords)
                http-basic-auth;
            }
            post-authentication {
                modify {
                    http.response.authenticated = true;
                    http.response.username = aaa.identity;
                    http.response.message = "Welcome!";
                }
                accept;
            }
            final-authentication {
                invoke "LOG_HTTP_REQUEST";
            }
        }

        # Default handler - 404
        handler "NOT_FOUND" {
            authentication {
                reject;
            }
            final-authentication {
                invoke "LOG_HTTP_REQUEST";
            }
        }
    }
}
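The lookup-then-compare sequence of the PROTECTED handler, modelled in Python as an added example (not Radiator's code and not part of the original page). The users.json layout is an assumption inferred from the find_user jsonpath expressions, the sample user is constructed, and all function names are hypothetical.

```python
import base64
import hmac

# Constructed sample; layout assumed from the "find_user" jsonpath expressions.
# The password is kept in clear here only to keep the model short.
USERS_DOC = {"users": [{"username": "alice", "password": "s3cret:with:colons"}]}


def make_header(username, password):
    """Build the value a client sends; base64 is an encoding, not encryption."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth(header):
    """Return (username, password) from an Authorization value, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    # Only the first colon separates the fields, so a password may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def find_user(doc, identity):
    """Model of $.users[?(@.username == identity)].password; None if no match."""
    matches = [u.get("password") for u in doc.get("users", [])
               if u.get("username") == identity]
    return matches[0] if matches else None


def authenticate(header, doc=USERS_DOC):
    """Look the user up first, then compare passwords, in the handler's order."""
    creds = parse_basic_auth(header)
    if creds is None:
        return False
    username, password = creds
    stored = find_user(doc, username)
    if stored is None:
        return False
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(stored.encode(), password.encode())


if __name__ == "__main__":
    print(authenticate(make_header("alice", "s3cret:with:colons")))
```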
Related Documentation
- http-basic-auth action - For details on action behavior.
- Backend Configuration - Loading user data from various sources
- HTTP Server Configuration - HTTP server setup
- Pipeline Directives - Using with/do/else for conditional logic
- jsonfile Backend - JSON file backend configuration and user data format
- Execution Context - Available context variables including HTTP variables