Basic Auth Scheme

aah provides an easy to use Basic auth scheme. It supports two realms, file and dynamic. Choose per use case.

Realm Description
File Having known set of users defined in the config file. In addition, aah supports roles and permissions in the configuration.
Dynamic Subject’s data resides in datasources such as credentials, roles, and permissions. Implement interfaces authc.Authenticator and authz.Authorizer to provide authentication and authorization details. This approach is similar to Form auth scheme. Refer aah RESTFul APIs Basic Auth example.

Table of Contents

Configuration

aah supports one or more basic auth schemes.

Realm: File

basic_scheme_name { ... } configuration goes under section security.auth_schemes { ... }.

# -----------------------------------------------------------------------------
# Basic auth scheme
# Choose a unique key name. It gets used as route auth.
#
# Doc: https://docs.aahframework.org/auth-schemes/basic.html
# -----------------------------------------------------------------------------
basic_scheme_key {
  # Auth scheme name.
  # Supported values are `form`, `oauth2`, `basic` and `generic`.
  #
  # It is required value, no default.
  scheme = "basic"

  # Realm name is used for `Www-Authenticate` HTTP header.
  #
  # Note: Modern browsers are not utilizing this value now a days.
  # However, aah does its due diligence.
  realm_name = "Protected"

  # Basic auth realm file path. Path have to be absolute path.
  #
  # It is required value, no default.
  file_realm = "/path/to/basic-realm-file.conf"

  # Password encoder is used to configure password algorithm. aah validates
  # subject credentials with application provided credentials.
  #
  # Doc: https://docs.aahframework.org/password-encoders.html
  #
  # Default value is `bcrypt`.
  password_encoder = "bcrypt"
}

Credentials config file Format

Repeat this configuration section for every user. Roles and Permissions attributes are optional.

<username> {
  # Password is the required value.
  password = "encrypted password value"

  # Roles attribute is optional.
  roles = ["role1", "role2"]

  # Permissions attribute is optional.
  permissions = [
    "permission1:read",
    "permission2:read,write",
  ]
}

File Realm: Example Config

jeeva {
  password = "$2y$10$2A4GsJ6SmLAMvDe8XmTam.MSkKojdobBVJfIU7GiyoM.lWt.XV3H6"
  roles = ["admin", "supervisor"]
  permissions = [
    "newsletter:read,write"
  ]
}

mark {
  password = "$2y$10$2A4GsJ6SmLAMvDe8XmTam.MSkKojdobBVJfIU7GiyoM.lWt.XV3H6"
  permissions = [
    "newsletter:read,write"
  ]
}

Realm: Dynamic

basic_scheme_name { ... } configuration goes under section security.auth_schemes { ... }.

# -----------------------------------------------------------------------------
# Basic auth scheme
# Choose a unique key name. It gets used as route auth.
#
# Doc: https://docs.aahframework.org/auth-schemes/basic.html
# -----------------------------------------------------------------------------
basic_scheme_key {
  # Auth scheme name.
  # Supported values are `form`, `oauth2`, `basic` and `generic`.
  #
  # It is required value, no default.
  scheme = "basic"

  # Realm name is used for `Www-Authenticate` HTTP header.
  #
  # Note: Modern browsers are not respecting this values now a days.
  # However, aah does its due diligence.
  realm_name = "Protected"

  # To provide subject's authentication info during a login flow, implement
  # interface `authc.Authenticator` and configure here. aah validates the
  # credential using configured password encoder.
  #
  # It is required value, no default.
  authenticator = "security/AuthenticationProvider"

  # To provide subject's Roles and Permissions, implement interface
  # `authz.Authorizer` and configure here.
  #
  # It is required value, no default.
  authorizer = "security/AuthorizationProvider"

  # Password encoder is used to configure password algorithm. aah validates
  # subject credentials with application provided credentials.
  #
  # Doc: https://docs.aahframework.org/password-encoders.html
  #
  # Default value is `bcrypt`.
  password_encoder = "bcrypt"
}

Example Config: basic_auth

Configuration from aah RESTFul APIs Basic Auth example.

# -----------------------------------------------------------------------------
# Basic auth scheme
# Choose a unique key name. It gets used as route auth.
#
# Doc: https://docs.aahframework.org/auth-schemes/basic.html
# -----------------------------------------------------------------------------
basic_auth {
  scheme = "basic"
  realm_name = "Protected APIs"
  authenticator = "security/BasicAuthenticationProvider"
  authorizer = "security/BasicAuthorizationProvider"
}