Basic Authentication for REST Services
Demonstrates securing a REST service with basic authentication

Use Case Description

The REST service described under REST Service Mediation has to be secured by allowing access only to properly authenticated users. Unauthenticated requests to access the API should be declined with HTTP 401 responses with appropriate error messages.

Proposed Solution

HTTP basic authentication serves as the access control mechanism: the user sends an Authorization header using the Basic scheme, carrying a Base64-encoded, colon-separated username-password pair, as part of the API access request. UltraESB reads credentials from a CSV-formatted user credentials file, decodes the Authorization header of each request, and validates the received password against the one stored for that username. If the header cannot be parsed or does not correspond to a valid username-password pair, UltraESB blocks the request and returns an HTTP 401 response along with an appropriate error message. Otherwise the request is allowed to proceed as in the original REST service mediation flow.
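The validation flow described above, sketched in Python as an added example; it is not UltraESB code or part of the sample project. The function names, the realm value and the two-column `username,password` CSV layout are assumptions made for illustration.

```python
import base64
import binascii
import csv
import hmac
import io

# Constructed sample credentials (username,password per row). The layout of
# the real UltraESB credentials file is not shown on the page; this is assumed.
SAMPLE_CSV = "alice,s3cret:with:colons\nbob,hunter2\n"

def load_users(csv_text):
    """Read username,password rows into a dict, skipping malformed rows."""
    return {r[0]: r[1] for r in csv.reader(io.StringIO(csv_text)) if len(r) == 2}

def unauthorized(message):
    """Build a 401 with the WWW-Authenticate challenge HTTP requires on it."""
    return 401, {"WWW-Authenticate": 'Basic realm="rest-api"'}, message

def authenticate(headers, users):
    """Return (status, response_headers, body) for the given request headers."""
    # Header names are case-insensitive, so normalise before the lookup.
    value = {k.lower(): v for k, v in headers.items()}.get("authorization")
    if value is None:
        return unauthorized("Missing Authorization header")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return unauthorized("Unsupported or malformed Authorization header")
    try:
        # validate=True rejects characters outside the Base64 alphabet
        # instead of silently discarding them.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return unauthorized("Authorization header is not valid Base64")
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return unauthorized("Credentials are not in username:password form")
    # Run the comparison for unknown users too, and compare in constant time,
    # so the response does not reveal which part of the pair was wrong.
    expected = users.get(username)
    candidate = expected if expected is not None else ""
    match = hmac.compare_digest(password.encode(), candidate.encode())
    if expected is None or not match:
        return unauthorized("Invalid username or password")
    return 200, {}, "OK"
```

Base64 is an encoding, not encryption, so the header protects the password only when the service is reached over TLS.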

Version 17.07
Vendor AdroitLogic
Difficulty Intermediary

Documentation
External documentation for this sample project

Source Code
Full source code of this sample project
