basic-auth插件

描述

Basic-auth 是一个认证插件，匹配指定的用户名和密码即可通过认证.

作用范围

该插件即可用于全局插件，也可用于路由级插件。全局插件配置的优先级高于路由级插件配置，当同时在某一路由上配置了basic-auth的全局插件和路由级插件时，需正确带上全局插件配置中的用户名和密码值才能通过。

属性

consumer 端配置：

如何启用

在配置窗口页以YAML格式填写

配置示例

填写basic-auth的配置信息

username: "xxx"

password: "********"

启用/停用

在配置页面设置生效开关

验证插件

未启用插件时API请求结果

$ curl -i http://198.20.4.150:27151/apitest

 HTTP/1.1 200

 Content-Type: application/json

 Transfer-Encoding: chunked

 Connection: keep-alive

 Date: Fri, 23 Dec 2022 03:53:53 GMT

 Server: APISIX/2.13.3

 rspTest: hello,world

 [{"id":1,"productID":1,"reviewer":"Reviewer1","text":"THIS IS A GRAY VERSION "}]

启用插件时API请求结果

·        缺少 Authorization header

$ curl -i http://198.20.4.150:27151/apitest

 HTTP/1.1 401 Unauthorized

 Date: Fri, 23 Dec 2022 04:23:56 GMT

 Content-Type: text/plain; charset=utf-8

 Transfer-Encoding: chunked

 Connection: keep-alive

 WWW-Authenticate: Basic realm='.'

 Server: APISIX/2.13.3

 {"message":"Missing authorization in request"}

·        用户名不存在：

$ curl -i -umse:msegW@9527 http://198.20.4.150:27151/apitest

 HTTP/1.1 401 Unauthorized

 Date: Fri, 23 Dec 2022 04:25:08 GMT

 Content-Type: text/plain; charset=utf-8

 Transfer-Encoding: chunked

 Connection: keep-alive

 Server: APISIX/2.13.3

 {"message":"Invalid user key in authorization"}

·        密码错误：

$ curl -i -umsegw:msegW http://198.20.4.150:27151/apitest

 HTTP/1.1 401 Unauthorized

 Date: Fri, 23 Dec 2022 04:25:49 GMT

 Content-Type: text/plain; charset=utf-8

 Transfer-Encoding: chunked

 Connection: keep-alive

 Server: APISIX/2.13.3

 {"message":"Password is error"}

·        成功请求：

$ curl -i -umsegw:msegW@9527 http://198.20.4.150:27151/apitest

 HTTP/1.1 200

 Content-Type: application/json

 Transfer-Encoding: chunked

 Connection: keep-alive

 Date: Fri, 23 Dec 2022 04:26:16 GMT

 Server: APISIX/2.13.3

 rspTest: hello,world

 [{"id":1,"productID":1,"reviewer":"Reviewer1","text":"An extremely entertaining play by Shakespeare. "}]