HTTP Authentication

RFC 2617 specifies two mechanisms for HTTP authentication: basic and digest. WEBrick supports both. It verifies authentication information against a user-specified, Apache-compatible user database.

Sometimes you may find setting up a user database file troublesome. With basic authentication, you can instead pass WEBrick a block of code that returns true if the authentication token is valid and false otherwise. This is a shortcut that avoids creating a user database file.

realm = "Gnome's realm"
start_webrick {|server|
  server.mount_proc('/convenient_basic_auth') {|req, resp|
    HTTPAuth.basic_auth(req, resp, realm) {|user, pass|
      # this block returns true if
      # authentication token is valid
      user == 'gnome' && pass == 'supersecretpassword'
    }
    # reached only if the block returned true;
    # otherwise basic_auth raises 401 Unauthorized
    resp.body =
      "You are authenticated to see the super secret data\n"
  }
}

dede:~$ w3m -dump http://localhost:8080/convenient_basic_auth
Username for Gnome's realm: gnome
Password: supersecretpassword
You are authenticated to see the super secret data
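
The block above compares a hard-coded plaintext password with `==`. As an added example (not part of the original tutorial), here is the same block-based check backed by a salted PBKDF2 digest and a constant-time comparison; `valid_credentials?`, `mount_protected`, `USERS`, `DUMMY` and the iteration count are names and values assumed for illustration.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 200_000 # illustrative work factor (assumption); tune for your hardware

# Derive a PBKDF2-HMAC-SHA256 digest of the password with the given salt.
def derive(pass, salt)
  OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: 'sha256')
end

# Build a stored record: random salt plus digest. The plaintext is not kept.
def make_record(pass)
  salt = SecureRandom.random_bytes(16)
  { salt: salt, digest: derive(pass, salt) }
end

# Constructed sample store using the tutorial's credentials. A real deployment
# would load only salt and digest from storage, never the password itself.
USERS = { 'gnome' => make_record('supersecretpassword') }.freeze
DUMMY = make_record(SecureRandom.hex(16)).freeze # burned for unknown users

# Compare two byte strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Same contract as the block given to HTTPAuth.basic_auth: true or false.
def valid_credentials?(user, pass)
  return false if user.nil? || pass.nil? # malformed Authorization header
  record = USERS.fetch(user, DUMMY)      # unknown users still pay for a hash
  ok = secure_equal?(derive(pass, record[:salt]), record[:digest])
  ok && USERS.key?(user)
end

# Mount the handler on an existing WEBrick::HTTPServer (hypothetical helper).
# webrick is required lazily so the check itself has no dependency on it.
def mount_protected(server, realm)
  require 'webrick'
  server.mount_proc('/convenient_basic_auth') do |req, resp|
    WEBrick::HTTPAuth.basic_auth(req, resp, realm) do |user, pass|
      valid_credentials?(user, pass)
    end
    resp.body = "You are authenticated to see the super secret data\n"
  end
end
```

Basic authentication only base64-encodes the username and password on the wire, so an endpoint like this should be served over TLS.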