Lockdown is a authentication/authorization system for RubyOnRails (ver
Lockdown operates on the principal of restrict all access unless access
been defined. Another difference with Lockdown is that instead of your
security rules being defined in your controllers (and therefore spread
across your application), all access is controlled via
lib/lockdown/init.rb. This where you will define the permissions and
groups that will define the access to your system. Yet another
is the absence of Roles. Instead of roles, users can be associated to
or many user groups which allows for superb flexibility.
Lockdown also comes with a generator to give you a nice head start with
project. It provides models, views, controllers, helpers, routes and
There’s more to know, but that’s what the wiki is for.
- Major refactor in preparation for Merb compatibility.
- New github project for RSpec tests: git://
Major changes to the security engine were made. Run your tests before
using in production.
There is a wiki, forum and issue tracking for Lockdown at