Forum: Ruby on Rails Rails AWS authentication????

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Manish S. (Guest)
on 2006-04-14 06:56
(Received via mailing list)
I want to setup an api for my web app, but i had a few question on the
best
way to do this.  I was hoping for some input from you experienced
individuals and rails rock stars.

1)  Is there a way to implement a login in feature so that api methods
cant
be called without proper authorization?  This is so i can log activity
and
use of the api from different people and so
Kent S. (Guest)
on 2006-04-14 20:34
(Received via mailing list)
No, there is none, unless you are using something like wss4r. But I
think it
is an overkill for most of the projects.
Steve K. (Guest)
on 2006-04-14 20:51
For the part about securing yourn API methods, pretty much any of the
authorization plugins and engines out there can do this. You simply put
a check for authorization on the controllers or individual methods or
calls you want to protect. That's what they were written for.

However, many of the existing schemes, like LoginEngine/UserEngine do
the logins through web forms. You may need one that does server auth or
will accept user credentials as part of the request. I'm sure some of
the other current ones already do this, or you could always look at the
code in Bruce P.'s unfortunately abandoned ModelSecurity generator,
which IIRC does server auth and can fall back to a webform.

It might just be easier to write your own authorization method, put it
in application.rb or application_helper.rb, and apply it as a
before_filter in the relevant controllers. Google's API, for instance,
simply seems to check a non-secret key against the IP address of the
host calling it, since they issue API accounts on a per-server basis.
Your needs may be different.

Manish S. wrote:
> I want to setup an api for my web app, but i had a few question on the
> best
> way to do this.  I was hoping for some input from you experienced
> individuals and rails rock stars.
>
> 1)  Is there a way to implement a login in feature so that api methods
> cant
> be called without proper authorization?  This is so i can log activity
> and
> use of the api from different people and so
This topic is locked and can not be replied to.