3. Security and Validation

basicAuthentication

Version

Requires HTTP Basic credentials (the Authorization: Basic header) on each request and verifies them against the configured users or user data provider. On success the request continues and an HTTP Basic security scheme carrying the username is attached to the exchange; the Authorization header is removed before the request is forwarded. A missing or invalid credential is rejected with 401 and a WWW-Authenticate challenge. See the examples under examples/security/basic-auth and the tutorial tutorials/security/30-Basic-Authentication.yaml.
 basicAuthentication:
   [ removeAuthorizationHeader: true | false ]   # default: true
   users:                                        # built-in store
     - username: alice
       password: secret
     ...
   # or, instead of users, a pluggable provider:
   [ staticUserDataProvider | htpasswdFileProvider | jdbcUserDataProvider | ldapUserDataProvider ]
 

Example Configuration

api:
port: 2000
flow:
- basicAuthentication:
users:
- username: user
password: user123
- username: admin
password: admin456
target:
url: https://api.predic8.de
api:
   port: 2000
   flow:
     - basicAuthentication:
         users:
           - username: user
             password: user123
           - username: admin
             password: admin456
   target:
     url: https://api.predic8.de

Syntax

basicAuthentication:
'$ref': <string>
cachingUserDataProvider: {}
customStatementJdbcUserDataProvider: {}
htpasswdFileProvider: {}
jdbcUserDataProvider: {}
ldapUserDataProvider: {}
removeAuthorizationHeader: <boolean>
staticUserDataProvider: {}
unifyingUserDataProvider:
- <userDataProviders>
users:
- <staticUserDataProvider-user>
basicAuthentication:
  '$ref': <string>
  cachingUserDataProvider: {}
  customStatementJdbcUserDataProvider: {}
  htpasswdFileProvider: {}
  jdbcUserDataProvider: {}
  ldapUserDataProvider: {}
  removeAuthorizationHeader: <boolean>
  staticUserDataProvider: {}
  unifyingUserDataProvider:
    - <userDataProviders>
  users:
    - <staticUserDataProvider-user>

Attributes

NameRequiredDefaultDescriptionExamples
$reffalse-Reference a component defined under components.-
removeAuthorizationHeaderfalsetrueWhether to strip the Authorization header after successful authentication so the credentials are not forwarded to the backend. Set to false when the backend also validates them.false

Child Structure

ElementCardinalityDescription
cachingUserDataProvider0..1Caching User Data provider caches previous successful logins in order to make authentication faster
customStatementJdbcUserDataProvider0..1
htpasswdFileProvider0..1A user data provider utilizing htpasswd-style files.
jdbcUserDataProvider0..1
ldapUserDataProvider0..1A user data provider querying an LDAP server to authorize users and retrieve attributes.
staticUserDataProvider0..1A user data provider listing all user data in-place in the config file.
userDataProviders0..*
staticUserDataProvider-user0..*Username/password pairs accepted by the built-in user store. Used when no userDataProvider is configured; each entry takes a username and a password.

Can be used in