今天我们来看看Rails的HTTP Basic认证插件http_authentication
安装该插件后我们写一个TestController来看看效果:
[code]
# Demo controller: +index+ is public, every other action is placed behind
# HTTP Basic authentication by the +authenticate+ filter.
#
# NOTE(review): the credentials are hard-coded only to keep the example short.
# In a deployed app they would normally come from configuration or a user
# store, with passwords kept as salted hashes rather than plain text.
# NOTE(review): HTTP Basic sends the credentials Base64-encoded, not encrypted,
# on every request, so this scheme is only appropriate over HTTPS.
class TestController < ApplicationController
  USER_NAME = "dhh"
  PASSWORD  = "secret"

  # Every action except +index+ must pass the +authenticate+ filter first.
  before_filter :authenticate, :except => [:index]

  # Public action: reachable without credentials.
  def index
    render :text => "Everyone can see me!"
  end

  # Protected action: only rendered once the filter has accepted the login.
  def edit
    render :text => "I'm only accessible if you know the password"
  end

  private

  # Filter callback. Hands the decoded user name and password to the block;
  # a falsy block result makes the plugin answer with a Basic challenge.
  #
  # NOTE(review): String#== is not a constant-time comparison. Rails versions
  # that ship ActiveSupport::SecurityUtils.secure_compare should use it here;
  # confirm availability for the Rails version in use.
  def authenticate
    authenticate_or_request_with_http_basic do |login, secret|
      [login, secret] == [USER_NAME, PASSWORD]
    end
  end
end
[/code]
我们访问[url]http://localhost:3000/test/edit[/url]会看到浏览器弹出HTTP Basic登录窗口
其中http_authentication核心代码basic.rb如下:
[code]
require 'base64'
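module HttpAuthentication
  # Helpers for HTTP Basic authentication ("Authorization: Basic <base64>").
  #
  # Base64 is an encoding, not encryption: anyone who can read the request can
  # recover the user name and password, so this scheme is only appropriate
  # over HTTPS.
  module Basic
    extend self

    # Methods meant to be mixed into a controller.
    module ControllerMethods
      # Runs the login block against the supplied credentials and, when that
      # does not yield a truthy value, answers with a Basic challenge.
      #
      # @param realm [String] realm shown in the browser's login dialog
      # @yield [user_name, password] credentials decoded from the request
      # @return [Object, false] the block's truthy result, or false after the
      #   challenge response has been rendered
      def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
        authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
      end

      # Checks the credentials without sending a challenge on failure.
      def authenticate_with_http_basic(&login_procedure)
        HttpAuthentication::Basic.authenticate(self, &login_procedure)
      end

      # Sends the 401 challenge response; always returns false.
      def request_http_basic_authentication(realm = "Application")
        HttpAuthentication::Basic.authentication_request(self, realm)
      end
    end

    # Decodes the request's Basic credentials and passes them to the block.
    #
    # Returns false without calling the block when the header is missing,
    # empty, uses a scheme other than Basic, or carries no credential token.
    # Previously an empty header raised NoMethodError and a non-Basic header
    # was Base64-decoded as if it were Basic credentials.
    #
    # @param controller [#request] object whose request exposes +env+
    # @return [Object, false] the block's result, or false
    def authenticate(controller, &login_procedure)
      request = controller.request
      return false unless basic_credentials?(request)

      login_procedure.call(*user_name_and_password(request))
    end

    # Splits the decoded "user:password" string on the first colon only, so a
    # password may itself contain colons. A value without a colon yields a
    # one-element array (the block then sees a nil password).
    def user_name_and_password(request)
      decode_credentials(request).split(":", 2)
    end

    # Raw Authorization header value, or nil when none of the keys is set.
    # The X- variants are presumably for server setups that do not pass the
    # standard header through to the application -- confirm against the
    # deployment before relying on them.
    def authorization(request)
      env = request.env
      env['HTTP_AUTHORIZATION'] || env['X-HTTP_AUTHORIZATION'] || env['X_HTTP_AUTHORIZATION']
    end

    # Base64-decodes the last whitespace-separated token of the header.
    # Base64.decode64 is lenient, so malformed input decodes to arbitrary
    # bytes rather than raising; the login block must reject them.
    def decode_credentials(request)
      Base64.decode64(authorization(request).split.last)
    end

    # Builds an Authorization header value for the given credentials.
    #
    # Base64.encode64 wraps its output and appends a trailing newline; line
    # breaks are not valid inside a header value, so they are removed here.
    def encode_credentials(user_name, password)
      token = Base64.encode64("#{user_name}:#{password}").delete("\n")
      "Basic #{token}"
    end

    # Renders the 401 challenge. Double quotes are stripped from the realm so
    # it cannot terminate the quoted string in the WWW-Authenticate header.
    # NOTE(review): realm is assumed to be a developer-supplied constant; other
    # control characters are not filtered.
    #
    # @return [false] so the caller's filter chain is halted
    def authentication_request(controller, realm)
      controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
      controller.render :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
      false
    end

    private

    # True when the header names the Basic scheme (case-insensitively) and is
    # followed by a non-empty credential token.
    def basic_credentials?(request)
      scheme, credentials = authorization(request).to_s.split(' ', 2)
      !credentials.to_s.strip.empty? && scheme.casecmp('basic').zero?
    end
  end
end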
[/code]
我们看到authenticate_or_request_with_http_basic方法的参数为&login_procedure,即一个负责登录校验的代码块(block),具体的认证逻辑可以由我们自己灵活实现。
安装该插件后我们写一个TestController来看看效果:
[code]
# Demo controller: +index+ is public, every other action is placed behind
# HTTP Basic authentication by the +authenticate+ filter.
#
# NOTE(review): the credentials are hard-coded only to keep the example short.
# In a deployed app they would normally come from configuration or a user
# store, with passwords kept as salted hashes rather than plain text.
# NOTE(review): HTTP Basic sends the credentials Base64-encoded, not encrypted,
# on every request, so this scheme is only appropriate over HTTPS.
class TestController < ApplicationController
  USER_NAME = "dhh"
  PASSWORD  = "secret"

  # Every action except +index+ must pass the +authenticate+ filter first.
  before_filter :authenticate, :except => [:index]

  # Public action: reachable without credentials.
  def index
    render :text => "Everyone can see me!"
  end

  # Protected action: only rendered once the filter has accepted the login.
  def edit
    render :text => "I'm only accessible if you know the password"
  end

  private

  # Filter callback. Hands the decoded user name and password to the block;
  # a falsy block result makes the plugin answer with a Basic challenge.
  #
  # NOTE(review): String#== is not a constant-time comparison. Rails versions
  # that ship ActiveSupport::SecurityUtils.secure_compare should use it here;
  # confirm availability for the Rails version in use.
  def authenticate
    authenticate_or_request_with_http_basic do |login, secret|
      [login, secret] == [USER_NAME, PASSWORD]
    end
  end
end
[/code]
我们访问[url]http://localhost:3000/test/edit[/url]会看到浏览器弹出HTTP Basic登录窗口
其中http_authentication核心代码basic.rb如下:
[code]
require 'base64'
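module HttpAuthentication
  # Helpers for HTTP Basic authentication ("Authorization: Basic <base64>").
  #
  # Base64 is an encoding, not encryption: anyone who can read the request can
  # recover the user name and password, so this scheme is only appropriate
  # over HTTPS.
  module Basic
    extend self

    # Methods meant to be mixed into a controller.
    module ControllerMethods
      # Runs the login block against the supplied credentials and, when that
      # does not yield a truthy value, answers with a Basic challenge.
      #
      # @param realm [String] realm shown in the browser's login dialog
      # @yield [user_name, password] credentials decoded from the request
      # @return [Object, false] the block's truthy result, or false after the
      #   challenge response has been rendered
      def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
        authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
      end

      # Checks the credentials without sending a challenge on failure.
      def authenticate_with_http_basic(&login_procedure)
        HttpAuthentication::Basic.authenticate(self, &login_procedure)
      end

      # Sends the 401 challenge response; always returns false.
      def request_http_basic_authentication(realm = "Application")
        HttpAuthentication::Basic.authentication_request(self, realm)
      end
    end

    # Decodes the request's Basic credentials and passes them to the block.
    #
    # Returns false without calling the block when the header is missing,
    # empty, uses a scheme other than Basic, or carries no credential token.
    # Previously an empty header raised NoMethodError and a non-Basic header
    # was Base64-decoded as if it were Basic credentials.
    #
    # @param controller [#request] object whose request exposes +env+
    # @return [Object, false] the block's result, or false
    def authenticate(controller, &login_procedure)
      request = controller.request
      return false unless basic_credentials?(request)

      login_procedure.call(*user_name_and_password(request))
    end

    # Splits the decoded "user:password" string on the first colon only, so a
    # password may itself contain colons. A value without a colon yields a
    # one-element array (the block then sees a nil password).
    def user_name_and_password(request)
      decode_credentials(request).split(":", 2)
    end

    # Raw Authorization header value, or nil when none of the keys is set.
    # The X- variants are presumably for server setups that do not pass the
    # standard header through to the application -- confirm against the
    # deployment before relying on them.
    def authorization(request)
      env = request.env
      env['HTTP_AUTHORIZATION'] || env['X-HTTP_AUTHORIZATION'] || env['X_HTTP_AUTHORIZATION']
    end

    # Base64-decodes the last whitespace-separated token of the header.
    # Base64.decode64 is lenient, so malformed input decodes to arbitrary
    # bytes rather than raising; the login block must reject them.
    def decode_credentials(request)
      Base64.decode64(authorization(request).split.last)
    end

    # Builds an Authorization header value for the given credentials.
    #
    # Base64.encode64 wraps its output and appends a trailing newline; line
    # breaks are not valid inside a header value, so they are removed here.
    def encode_credentials(user_name, password)
      token = Base64.encode64("#{user_name}:#{password}").delete("\n")
      "Basic #{token}"
    end

    # Renders the 401 challenge. Double quotes are stripped from the realm so
    # it cannot terminate the quoted string in the WWW-Authenticate header.
    # NOTE(review): realm is assumed to be a developer-supplied constant; other
    # control characters are not filtered.
    #
    # @return [false] so the caller's filter chain is halted
    def authentication_request(controller, realm)
      controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
      controller.render :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
      false
    end

    private

    # True when the header names the Basic scheme (case-insensitively) and is
    # followed by a non-empty credential token.
    def basic_credentials?(request)
      scheme, credentials = authorization(request).to_s.split(' ', 2)
      !credentials.to_s.strip.empty? && scheme.casecmp('basic').zero?
    end
  end
end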
[/code]
我们看到authenticate_or_request_with_http_basic方法的参数为&login_procedure,即一个负责登录校验的代码块(block),具体的认证逻辑可以由我们自己灵活实现。
本文介绍Rails中HTTPBasic认证插件http_authentication的使用方法。通过安装此插件并配置控制器,可以实现基本的HTTP认证功能。文章展示了如何定义认证逻辑及页面访问权限控制。



