I want to create a WebService in Ruby (Sinatra, Padrino, maybe Ramaze... don't know yet...), but I definitely want to secure it...
It will be the backend for an iPhone app, so I think SSL-secured HTTP Basic Auth will be fine.
I've been looking around at several authentication frameworks and came across warden... Seems to be pretty well documented, and devise is built on top of it... So can't be that bad...
But... seemed to me a little bit overkill for what I need...
Then I found this code snippet:
    def protected!
      unless authorized?
        response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth")
        throw(:halt, [401, "Not authorized\n"])
      end
    end

    def authorized?
      @auth ||= Rack::Auth::Basic::Request.new(request.env)
      @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['admin', 'admin']
    end
Looks as if I just don't need more than that atm... Or can any of you guys provide a nice example of Warden + HTTP Basic Auth? Or explain to me more benefits of using warden?
Thanks in advance!!! :)
Not completely sure what you are trying to achieve here. However, we have a Rails app where we use Warden (+ devise) combined with HTTP Basic Auth using middleware to hide our staging instance. This is what we put into config/environments/staging.rb:
    config.middleware.insert_after(::Rack::Lock, "::Rack::Auth::Basic", "Not for public eyes") do |u, p|
      u == 'admin' && p == 'secret'
    end
This works side by side with our Warden authentication rules.
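
Added example, not part of the question or the answer above: the same HTTP Basic check written as a dependency-free Rack-style middleware that compares credentials in constant time instead of with ==. The class name BasicAuthGate, its keyword arguments and the sample credentials are assumptions made for this illustration.

```ruby
# Hypothetical middleware; uses only the plain Rack interface:
# call(env) -> [status, headers, body]. No gems required.
require 'digest'

class BasicAuthGate
  def initialize(app, realm:, user:, password:)
    @app = app
    @realm = realm
    # Keep fixed-length digests so the comparison never depends on input length.
    @user_digest = Digest::SHA256.digest(user)
    @pass_digest = Digest::SHA256.digest(password)
  end

  def call(env)
    user, password = parse_basic(env['HTTP_AUTHORIZATION'])
    return @app.call(env.merge('REMOTE_USER' => user)) if user && valid?(user, password)

    headers = { 'content-type' => 'text/plain',
                'www-authenticate' => %(Basic realm="#{@realm}") }
    [401, headers, ["Not authorized\n"]]
  end

  # Returns [user, password], or nil for a missing, non-Basic or malformed header.
  def parse_basic(header)
    scheme, encoded = header.to_s.split(' ', 2)
    return nil unless scheme&.casecmp?('basic') && encoded

    decoded = encoded.strip.unpack1('m0') # strict Base64; raises ArgumentError if invalid
    user, sep, password = decoded.partition(':') # the password may itself contain ':'
    sep.empty? ? nil : [user, password]
  rescue ArgumentError
    nil
  end

  # Check both fields every time (no short-circuit), each in constant time.
  def valid?(user, password)
    user_ok = secure_eq(@user_digest, Digest::SHA256.digest(user))
    pass_ok = secure_eq(@pass_digest, Digest::SHA256.digest(password))
    user_ok & pass_ok
  end

  # XOR-accumulate over every byte so timing does not reveal the first mismatch.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Sinatra or Rails app this would be mounted like any other Rack middleware, with the user and password read from configuration rather than written into the source.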