Forum: Ruby on Rails RESTful Authentication

Yottameter (Guest)
on 2007-03-02 06:53
(Received via mailing list)
I've seen the RESTful Authentication plugin that Rick Olson has, and
was wondering if anyone has used it, or can answer my questions:

1. What does RESTful Authentication really mean? How does CRUD fit
into this?

Create - Create new user
Read - What does it mean to 'read' a user?
Update - Change the user name, etc?
Destroy - Remove user account

Seems like you would have to have a session id anyways, otherwise how
do you authorize?

2. How do sessions fit into CRUD? Is the session the object of the
CRUD, as opposed to a user?

3. What's the benefit of this over acts_as_authenticated?

Thanks!
jko170 (Guest)
on 2007-03-02 07:21
(Received via mailing list)
I'm still a newb but I'll answer to the best of my ability.
Authorization is enforced using a before_filter set to certain
controllers and actions of your choice. The advantage over
acts_as_authenticated, that I see as a newb, is you're getting rid of
the admin controller. Less code for the same function is always
better.
James S. (Guest)
on 2007-03-02 17:27
(Received via mailing list)
On Mar 1, 2007, at 11:48 PM, Yottameter wrote:
>
> Seems like you would have to have a session id anyways, otherwise
> how do you authorize?

The restful_authentication plugin adds a couple of things over
acts_as_authenticated.

One is refactoring users and sessions to follow CRUD conventions.
Your list above is about right. 'Read' isn't enabled by default, but
could be used, for example, to show a user's profile page.

The other thing that it adds is support for HTTP authentication of
web service requests, which is the most standard way to do
authentication for RESTful APIs. That's the real benefit of this
plugin over acts_as_authenticated imho -- the same code will now
handle both your standard login page and your API.

> 2. How do sessions fit into CRUD? Is the session the object of the
> CRUD, as opposed to a user?

You can create/destroy sessions just as you would any other resource.

In restful_authentication for standard web pages (i.e. not using the
API) that will usually create a cookie which is used to store your
session ID just like in acts_as_authenticated.

James.


--
James S.
Play: http://james.anthropiccollective.org
Work: http://jystewart.net/process/
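
The idea discussed in this thread, as an added plain-Ruby example that is not from any poster and is not the restful_authentication plugin's code: a session is a resource that is created and destroyed, and one before_filter-style check accepts either the session cookie or HTTP Basic credentials. The names `SessionsResource`, `authorize`, `hash_password`, `secure_equal?` and the sample user are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Salted PBKDF2 hash; the iteration count is an example value.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
end

# Constant-time comparison of two byte strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed sample user store: login => salt and password hash.
SALT = SecureRandom.random_bytes(16)
USERS = { "alice" => { salt: SALT, hash: hash_password("s3cret-constructed", SALT) } }

class SessionsResource
  def initialize(users)
    @users = users
    @sessions = {} # session id => login
  end

  # Returns the login on success, nil otherwise.
  def authenticate(login, password)
    user = @users[login]
    # Hash for unknown logins too, so timing does not reveal which exist.
    candidate = hash_password(password.to_s, user ? user[:salt] : "x" * 16)
    user && secure_equal?(candidate, user[:hash]) ? login : nil
  end

  # POST /session: create the resource; the id goes into the cookie.
  def create(login, password)
    return nil unless authenticate(login, password)
    SecureRandom.hex(32).tap { |sid| @sessions[sid] = login }
  end

  # DELETE /session: destroy the resource (logout).
  def destroy(sid)
    !@sessions.delete(sid).nil?
  end

  # Cookie for browsers, "Authorization: Basic ..." (over TLS) for API clients.
  def authorize(cookie_sid: nil, authorization: nil)
    return @sessions[cookie_sid] if cookie_sid && @sessions.key?(cookie_sid)
    scheme, encoded = authorization.to_s.split(" ", 2)
    return nil unless scheme.to_s.casecmp("basic").zero? && encoded
    login, password = encoded.unpack1("m").split(":", 2)
    authenticate(login, password)
  end
end
```

The session id returned by `create` is the only value the browser holds; destroying the session on the server invalidates it even if the cookie is replayed later.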