Assignment 4
Due Date: 2019-11-17
Available Points: 20
This assignment builds on top of previous assignments and primarily focuses on authentication and authorization.Additional Methods
- No new methods
Additional Status Codes
401
Unauthorized
Additional Request Headers
Authorization
Additional Response Headers
WWW-Authenticate
Authorization-Info
Encodings
- No new encodings
Notes
- Implement
Basic
andDigest
Authentication as per Lecture 8 slides (and RFCs 7617 and 7616) - In your server configuration file: provide private key (any word or phrase) to use in generating
nonce
&opaque
values (though, this is not the safest way to do this) - Provide a configurable value for how to protect directories
- Default name is =
WeMustProtectThisHouse!
- All functions combined in a single file for simplicity (you would normally separate them)
- This file protects the directory it is in, and recursively protects all of its sub-directories
- Default name is =
- Sample file:
# Hashed lines are comments and order is not important
#
# Following are two special lines:
authorization-type=Basic
realm="Lane Stadium"
# Always quote realm since it might have spaces
#
# User format => name:md5(password)
mln:d3b07384d113edec49eaa6238ad5ff00
bda:c157a79031e1c40f85931829bc5fc552
jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2
Submission and Evaluation
- Extract sample test files tarball into your web server’s document root
- Place your
Dockerfile
at the root of your repository (not inside of a nested folder) - Make your
Dockerfile
run your server on port80
by default - Release your implementation with the
a4
tag - Submissions will be evaluated using a variation of
cs531a4
test suite from our testing service and some manual inspection of responses and source code (if necessary) - Tests will be performed based on the contents and structure of the
a4-test
folder of the sample test files - One point will be awarded for passing test cases of each of the previous assignments (except certain test cases where there are obvious backward compatibility conflicts)