-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Basic Auth for a server #64
Comments
I strongly support this. |
So what I went with here is an option called -users or --basicauthusers and it expects the format to be like this:
There's also |
Excellent. Here is the CommandBox ticket for it to be incorporated |
@denuno How should commas be escaped (likely in passwords that uses punctuation)? What do you think about using a scheme like URL encoding since there's already libs/built-ins out there for encoding/decoding for it? This would also take care of things like a double quote in a password.
|
Looking at your code it seems you already accounted for commas to be passed as |
@denuno Works pretty good. Before we set this in stone, what do you think about the ability to apply basic auth to a specific sub folder or path?
|
For 1, we can use a I rather like the idea of being able to plug in some auth easily. Configuration is an issue though, especially with limits on how long command lines can be and whatnot, and with various auth schema needing various types of info. I'm kinda thinking like, instead of passing various users/groups/paths/whatnot, we instead pass in a file path to a JSON file containing that info. I'm often using various 3rd party auth providers, it would be kinda cool to have container-level support for requiring auth based on the path... I think there's even a jee spec for doing so, ish, which might give some inspiration as to some type of generic user/group/rule define'n possibilities. |
From the CommandBox side of things, the setup looks like this:
A suggestion for #2 could look like this which would leave the default whole-site protection simple.
Or here's a simpler version that assumes there's nothing other than users to configure for a path:
Of course, this is all on the CommandBox side of things. I've still got to wrap it all up and send it over to Runwar. |
@denuno Someone pointed out to me today that the basic auth doesn't quite seem to be 100% yet. Once you log in, they expected the |
Looking at Undertow, I assume we need to be using this class? |
* Replace the default/catchall log handler with a name.contains( 'cfml' || 'undertow' ) filtered one. * Override web.xml REST mappings when passed in as argument. Refs #46 * Bump version to 3.6.0 and update Undertow. Closes #62 * Perhaps fix chrome as an option for browser opening, also first try preferred browser vs. firefox. * Fix relative resource path stuff, and greedy alias replacement. Closes #63 * Tone down the debug stuff. Refs #56 * try/catch (#68) * Try to fix some NPEs from the filters * Update Undertow to 1.4.11.Final. Closes #62 (at least until the next version comes out.) * Improve SSL support and add a Basic Auth feature. Might close #69 and close #64 * Add some performance tuning options for Undertow. Closes #71 * Allow aliases to be case insensitive. Closes #52 * Initial go at some load balancer / clustering stuff. Refs #73 * Add JSR websocket support. Closes #53 * backing up for a second to cut 3.6.0 * Release 3.6.0 * Bump to 3.6.1, put the loadbalance stuff back in. * Fix wildcard cert loading and add rough draft of adding/removing nodes from the balancer. * Add --directory-refresh option, defaulted to false. Closes #75 (until something better comes along) * Update loadbalancer stuff a bit, add caching resource manager for testing * Little better error when balancehost is incomplete. * Fix case sensitivy (#77) Thanks! * Improve ACF detection & fix missing cfcalsses folder (#78) * Add option to turn on proxy peer address handling (-proxypeeraddress,--proxy-peeraddress <true|false>). Closes #80 * Add option to disable system tray (-tray, --tray-enable <true|false>). Closes #81 * Add missing URLRewriteFilter init parameters (--urlrewrite-check <interval>, --urlrewrite-statuspath <path>). Closes #79 * Add support for HTTP2. Closes #72 * Update tray dependencies. Refs #82 * Add Tray class * Add NullPrintStream class * bump jre * Fix weird web.xml parse error, and add tray action to open file system browser. * Shutdown enhancements. * Looking at wrong flag (#84) Thanks! * Logging enhacements (#87) * Ensure we pass SystemTray a tooltip < 65 chars long. * Remove logback, add slf4j. * Looking at wrong flag (#84) Thanks! * Logging enhacements (#87) * Remove logback, add slf4j. * Suppress some startup stuff, both from slf4j and the availability check. * Default open-browser to true if url is specified. * A test for debugyness * Move try/catch to to ServerOptions versus everywhere else. * Add PID and other Tray things. Closes #89, Closes #90 * Tweak restart, don't think it's going to work though. * Rework the readme (#94) * Update the README * Update auth so remote_user is set. Closes #83 * Remove unused imports * Bump version for next release
https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/security/basic/BasicAuthServer.java
If we can pass a list of usernames and passwords via a new server option to Runwar then I can wrap this up in CommandBox.
The text was updated successfully, but these errors were encountered: