3.5 HTTP Authentication
The module http/http_authenticate provides the basics to
validate an HTTP Authorization header. User and password
information is read from a Unix/Apache compatible password file. This
information, as well as the result of the validation, is cached to achieve
optimal performance.
- http_authenticate(+Type, +Request, -User)
- True if Request contains the information to continue according to Type.
Type identifies the required authentication technique:
- basic(+PasswordFile)
- Use HTTP Basic authentication and verify the password from PasswordFile. PasswordFile is a file holding usernames and passwords in a format compatible with Unix and Apache. Each line is a record with colon-separated (:) fields. The first field is the username and the second the password _hash_. Password hashes are validated using crypt/2.
Successful authorization is cached for 60 seconds to avoid overhead of decoding and lookup of the user and password data.
http_authenticate/3 just validates the header. If authorization is not provided the browser must be challenged, in response to which it normally opens a user-password dialogue. Example code realising this is below. The exception causes the HTTP wrapper code to generate an HTTP 401 reply.
    ...,
    (   http_authenticate(basic(passwd), Request, User)
    ->  true
    ;   throw(http_reply(authorise(basic, Realm)))
    ).

Alternatively basic(+PasswordFile) can be passed as an option to http_handler/3.
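The following is an added example, not code from the original documentation: a small server that writes a record to the password file with crypt/2 and protects one handler with the challenge pattern shown above. The names passwd_file/1, add_user/2, private_page/1 and server/1, the path root(private) and the realm 'Private area' are assumptions, and the third argument of http_authenticate/3 is used as documented on this page.

```prolog
:- use_module(library(http/thread_httpd)).
:- use_module(library(http/http_dispatch)).
:- use_module(library(http/http_authenticate)).
:- use_module(library(crypt)).
:- use_module(library(lists)).

% Hypothetical helper: the password file used by this example.
passwd_file(passwd).

:- http_handler(root(private), private_page, []).

% server(+Port): start the HTTP server on Port.
server(Port) :-
    http_server(http_dispatch, [port(Port)]).

% add_user(+User, +Password): append a "User:Hash" record to the file.
% Only the hash is stored; the plain password never reaches the file.
add_user(User, Password) :-
    atom_codes('$1$', Prefix),
    append(Prefix, _, Hash),        % partial list: crypt/2 fills in salt and hash
    crypt(Password, Hash),
    passwd_file(File),
    setup_call_cleanup(
        open(File, append, Out),
        format(Out, '~w:~s~n', [User, Hash]),
        close(Out)).

% private_page(+Request): reply only when the Authorization header validates.
% A missing or invalid header raises the exception that produces the 401 reply.
private_page(Request) :-
    passwd_file(File),
    (   http_authenticate(basic(File), Request, User)
    ->  true
    ;   throw(http_reply(authorise(basic, 'Private area')))
    ),
    format('Content-type: text/plain~n~n'),
    format('Authenticated as ~w~n', [User]).
```

Because successful authorization is cached for 60 seconds, a request with the same credentials may still be accepted for up to that long after the record is changed or removed from the password file.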