First up, HTTP authentication. In the merb.yml it says the following:
# If you want to protect some or all of your app with HTTP basic auth then
# uncomment the following and fill in your credentials you want it to use.
# You will then need to set a 'before' filter in a controller. For example:
# before :basic_authentication
#:basic_auth:
#   :username: ezra
#   :password: password
#   :domain: localhost
All well and good, but what if you want to validate the authentication against a database of users?
Well, the answer is to override the authenticated? method in BasicAuthenticationMixin.
This is easy to do, in your application.rb, do something like this:
class Application < Merb::Controller
  before :basic_authentication

  private

  def authenticated?
    # To get the username and password that were entered via HTTP, use:
    # username, password = *credentials
    # Then validate the user by authenticating against a database or whatever.
    # Make sure the return value is true or false.
  end
end
Note: You still have to uncomment the basic_auth configuration in merb.yml. But it doesn't matter what the username/password is there, since you'll be overriding them anyway.
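One way the check inside authenticated? could look, as an added example rather than code from the original post or from Merb: the in-memory USERS table, valid_login? and DemoController are hypothetical stand-ins for a real user table and a Merb controller, and only credentials and authenticated? come from the post. It stores salted PBKDF2 hashes instead of plaintext passwords, compares them in constant time, and returns false for missing or unknown credentials.

```ruby
require 'openssl'

ITERATIONS = 100_000 # PBKDF2 work factor (assumed value for this sketch)

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256'))
end

def make_user(password)
  salt = OpenSSL::Random.random_bytes(16)
  { salt: salt, hash: hash_password(password, salt) }
end

# Constructed sample data standing in for the database of users.
USERS = { 'ezra' => make_user('correct horse') }.freeze
# Record hashed against when the username is unknown, so both paths do equal work.
DUMMY = make_user('dummy').freeze

# Compare two byte strings without stopping at the first difference.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper: true only for a known user with the right password.
def valid_login?(username, password)
  return false if username.nil? || password.nil? # no credentials: deny
  record = USERS.fetch(username, DUMMY)
  match = secure_compare(hash_password(password, record[:salt]), record[:hash])
  match && USERS.key?(username)
end

# Stand-in for the Merb controller; in Merb, credentials comes from the mixin.
class DemoController
  def initialize(credentials)
    @credentials = credentials
  end

  private

  attr_reader :credentials

  def authenticated?
    username, password = *credentials
    valid_login?(username, password) # always true or false, never nil
  end
end
```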
3 comments:
Great to see others playing around with merb. Any idea how to kill an HTTP session?
I just close the browser and reopen it!
Yeah. It seems that is the only way without hacks. I have decided to do session based authentication for http requests and HTTP for all the other mime types. Thanks for the quick response.