Basic Authentication
Basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request.
CBSecurity supports the concept of HTTP Basic Authentication in your ColdBox applications. Please note that this is a quick and easy way to provide security, but not the safest by any means. You have been warned!
In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a username and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon (:).
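The header format described above, as an added Python example (not CBSecurity code and not from the original page): it parses an Authorization: Basic value defensively and checks it against a constructed user store. The function names, the sample user and the PBKDF2 parameters are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def hash_password(password, salt):
    # Assumption: PBKDF2-SHA256 stands in for whatever hashing your user store uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed sample user store: username -> (salt, password hash).
SALT = b"constructed-salt"
USERS = {"luis": (SALT, hash_password("corr:ect horse", SALT))}


def build_header(user_id, password):
    """Client side: Base64 of 'ID:password' behind the 'Basic' scheme."""
    token = base64.b64encode(f"{user_id}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value):
    """Return (user_id, password) from an Authorization value, or None if malformed."""
    scheme, _, token = (value or "").strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad Base64 alphabet/padding or undecodable bytes
        return None
    # Split on the FIRST colon only: the ID cannot contain ':' but the password can.
    user_id, sep, password = decoded.partition(":")
    if not sep or not user_id:
        return None
    return user_id, password


def is_authorized(value, users=USERS):
    creds = parse_basic_header(value)
    if creds is None:
        return False
    user_id, password = creds
    # Unknown users still cost one hash, and the comparison is constant time.
    salt, expected = users.get(user_id, (SALT, b"\x00" * 32))
    return hmac.compare_digest(hash_password(password, salt), expected)
```

Because Base64 is an encoding and not encryption, `parse_basic_header` recovers the password from any captured header, which is why Basic authentication should only be served over TLS.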
Validator: BasicAuthValidator@cbsecurity
Basic auth settings: Where you configure users, passwords, roles, permissions, and encryption
CBSecurity allows you to use basic authentication with ANY authentication service.
This is the most basic configuration where we register a single user and tell the firewall to use the basic auth validator. Since the default authentication service is cbauth, I don't have to register it. Finally, since CBSecurity detects the BasicAuthValidator and no registered user class, it will register the BasicAuthUserService as well for you.
You can explicitly set the UserServiceClass to be BasicAuthUserService@cbsecurity if you want to.
Since Basic Authentication ONLY focuses on login, logout is left out of the equation. In CBSecurity, we have created a special event so you can securely log out users from basic authentication, which you can hit with ANY HTTP verb.
This will call the logout method of the authentication service and set the following HTTP headers for you so your session can be rotated:
Ultimately, you can close your browser too.
ColdBox also supports the concept of basic authentication retrieval since the early version 2 days. ColdBox can detect, parse and give you a struct of username and password by leveraging the request context's getHTTPBasicCredentials() method.
The first step is configuring your application to use the basic auth validator as the validator of choice. We will configure two things:
All I have to do now is create or , and CBSecurity will leverage the browser's Basic Authentication Prompt when those resources are accessed. Once you put in your credentials, it will verify them against the registered users in the basicAuth configuration dictionary.