Review Board 1.7.16

ARI authentication

Review Request #2649 - Created June 28, 2013 and submitted

David Lee
This patch adds authentication support to ARI.

Two authentication methods are supported. The first is HTTP Basic
authentication, as specified in RFC 2617[1]. The second is by simply
passing the username and password as an ?api_key query parameter
(which allows swagger-ui[2] to authenticate more easily).

ARI usernames and passwords are configured in the stasis_http.conf
file. The user may be set to `read_only`, which will prohibit the user
from issuing POST, DELETE, etc. The user's password may be specified
in either plaintext, or encrypted using the crypt() function.

Several other notes about the patch.

 * A few command line commands for seeing ARI config and status were
   also added.
 * The configuration parsing grew big enough that I extracted it to
   its own file.

Unit tests for crypt wrapper.

Testsuite tests for authn testing. See
Review request changed
Updated (July 3, 2013, 12:22 p.m.)
  • changed from pending to submitted
Committed in revision 393546 runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to