每天一剂Rails良药之http_authentication - 每天一剂Rails良药

群组首页 → 编程语言 → 每天一剂Rails良药 → 知识库 → 每天一剂Rails良药之http_authentication

原创作者: hideto 阅读:990次评论:0条更新时间:2011-05-26

今天我们来看看Rails的HTTP Basic认证插件http_authentication
安装该插件后我们写一个TestController来看看效果:

class TestController < ApplicationController
  USER_NAME, PASSWORD = "dhh", "secret"
  
  before_filter :authenticate, :except => [ :index ]
  
  def index
    render :text => "Everyone can see me!"
  end
  
  def edit
    render :text => "I'm only accessible if you know the password"
  end
  
  private
    def authenticate
      authenticate_or_request_with_http_basic do |user_name, password| 
        user_name == USER_NAME && password == PASSWORD
      end
    end
end

我们访问http://localhost:3000/test/edit会看到浏览器弹出HTTP Basic登录窗口
其中http_authentication核心代码basic.rb如下:

require 'base64'

module HttpAuthentication
  module Basic
    extend self

    module ControllerMethods
      def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
        authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
      end

      def authenticate_with_http_basic(&login_procedure)
        HttpAuthentication::Basic.authenticate(self, &login_procedure)
      end

      def request_http_basic_authentication(realm = "Application")
        HttpAuthentication::Basic.authentication_request(self, realm)
      end
    end

    def authenticate(controller, &login_procedure)
      if authorization(controller.request)
        login_procedure.call(*user_name_and_password(controller.request))
      else
        false
      end
    end

    def user_name_and_password(request)
      decode_credentials(request).split(/:/, 2)
    end
  
    def authorization(request)
      request.env['HTTP_AUTHORIZATION']   ||
      request.env['X-HTTP_AUTHORIZATION'] ||
      request.env['X_HTTP_AUTHORIZATION']
    end
    
    def decode_credentials(request)
      Base64.decode64(authorization(request).split.last)
    end

    def encode_credentials(user_name, password)
      "Basic #{Base64.encode64("#{user_name}:#{password}")}"
    end

    def authentication_request(controller, realm)
      controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
      controller.render :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
      return false    
    end
  end
end

我们看到authenticate_or_request_with_http_basic方法的参数为&login_procedure，即一个登录代码block，具体认证方法我们可以自己灵活实现

每天一剂Rails良药之javascript_test | 每天一剂Rails良药之exception_notificati ...

评论共 0 条请登录后发表评论

发表评论

您还没有登录,请您登录后再发表评论

文章信息

知识库: 每天一剂Rails良药

由hideto在2007-06-01创建
由hideto在2011-05-26更新