- Documentation
- Reference manual
- Packages
- SWI-Prolog HTTP support
- The HTTP server libraries
- Creating an HTTP reply
- library(http/http_dispatch): Dispatch requests in the HTTP server
- library(http/http_dirindex): HTTP directory listings
- library(http/http_files): Serve plain files from a hierarchy
- library(http/http_session): HTTP Session management
- library(http/http_cors): Enable CORS: Cross-Origin Resource Sharing
- library(http/http_authenticate): Authenticate HTTP connections using 401 headers
- library(http/http_digest): HTTP Digest authentication
- library(http/http_dyn_workers): Dynamically schedule HTTP workers.
- Custom Error Pages
- library(http/http_openid): OpenID consumer and server library
- Get parameters from HTML forms
- Request format
- Running the server
- The wrapper library
- library(http/http_host): Obtain public server location
- library(http/http_log): HTTP Logging module
- library(http/http_server_health): HTTP Server health statistics
- Debugging HTTP servers
- library(http/http_header): Handling HTTP headers
- The library(http/html_write) library
- library(http/js_write): Utilities for including JavaScript
- library(http/http_path): Abstract specification of HTTP server locations
- library(http/html_head): Automatic inclusion of CSS and scripts links
- library(http/http_pwp): Serve PWP pages through the HTTP server
- The HTTP server libraries
- SWI-Prolog HTTP support
3.7 library(http/http_authenticate): Authenticate HTTP connections using 401 headers
This module provides the basics to validate an HTTP Authorization
header. User and password information are read from a Unix/Apache
compatible password file.
This library provides, in addition to the HTTP authentication, predicates to read and write password files.
- http_authenticate(+Type, +Request, -Fields)
- True if Request contains the information to continue
according to Type. Type identifies the required
authentication technique:
- basic(+PasswordFile)
- Use HTTP
Basic
authetication and verify the password from PasswordFile. PasswordFile is a file holding usernames and passwords in a format compatible to Unix and Apache. Each line is record with:
separated fields. The first field is the username and the second the password hash. Password hashes are validated using crypt/2.
Successful authorization is cached for 60 seconds to avoid overhead of decoding and lookup of the user and password data.
http_authenticate/3 just validates the header. If authorization is not provided the browser must be challenged, in response to which it normally opens a user-password dialogue. Example code realising this is below. The exception causes the HTTP wrapper code to generate an HTTP 401 reply.
( http_authenticate(basic(passwd), Request, Fields) -> true ; throw(http_reply(authorise(basic, Realm))) ).
Fields is a list of fields from the password-file entry. The first element is the user. The hash is skipped. - To be done
- Should we also cache failures to reduce the risc of DoS attacks?
- [semidet]http_authorization_data(+AuthorizeText, ?Data)
- Decode the HTTP
Authorization
header. Data is a termMethod(User, Password)
where Method is the (downcased) authorization method (typically
basic
), User is an atom holding the user name and Password is a list of codes holding the password - [nondet]http_current_user(+File, ?User, ?Fields)
- True when User is present in the htpasswd file File
and Fields provides the additional fields.
Fields are the fields from the password file File, converted using name/2, which means that numeric values are passed as numbers and other fields as atoms. The password hash is the first element of Fields and is a string. - [det]http_read_passwd_file(+Path, -Data)
- Read a password file. Data is a list of terms of the format
below, where User is an atom identifying the user, Hash is a string
containing the salted password hash and Fields contain additional
fields. The string value of each field is converted using name/2
to either a number or an atom.
passwd(User, Hash, Fields)
- [det]http_write_passwd_file(+File, +Data:list)
- Write password data Data to File. Data
is a list of entries as below. See http_read_passwd_file/2
for details.
passwd(User, Hash, Fields)
- To be done
- Write to a new file and atomically replace the old one.
- [multifile]http:authenticate(+AuthData, +Request, -Fields)
- Plugin for
library(http_dispatch)
to perform basic HTTP authentication.This predicate throws
http_reply(authorise(basic, Realm))
.AuthData must be a term basic(File, Realm)
Request is the HTTP request Fields describes the authenticated user with the option user(User)
and with the optionuser_details(Fields)
if the password file contains additional fields after the user and password.