A simple NSAPI script for Authentication
This is a very simple authentication script using the scripting plugin. The
authentication "database" is a simple variable that holds a set of usernames
and passwords in the format "username:password".
#
# A simple authentication script using nsapi scripting.
# If an "Authorization header does not exist, send a 401.
# If it exists, get rid of the leading "Basic " part,
# decode the rest, and compare with each entry in our
# authentication "table". if nothing matches, send a
# 401, else let the request proceed.
#
authlist = "honda:CBR600 yamaha:YzfR1 suzuki:giXXXer kawasaki:NinJa"
authfield = $rq.headers.authorization
if $authfield == ""
then
call unauth
else
#
# decode the "Authorization" value and get the user:pass information
#
call getuserpass
#
# compare the user:pass information with each entry in our authentication list
#
call checkuserpass
fi
req aborted
function checkuserpass()
{
for i in $authlist
do
if $i == $authfield
then
#
# We have a match. Let the request proceed.
#
req proceed
fi
done
call unauth
}
function getuserpass()
{
authfield = substr $authfield 6
authfield = b64decode $authfield
}
function unauth()
{
rq.srvhdrs.status = "401 Unauthorized"
rq.srvhdrs.WWW-authenticate = "basic realm=\"test\""
}
Trackback URL: http://blogs.sun.com/motor/entry/a_simple_authentication_script
