I have a requirement where I need to authenticate a user connection
BEFORE it is handed off to Rails. Normally this is handled via an
.htacess file or use mod_auth_ldap or something similar. Here’s the
rub… I want Rails to be the sole writer of login & password
information. This means I need to get Apache to read the Rails database
and compare the HTTP credentials to the contents therein.
Anyone do this before? What mod_* did you use for Apache? Is there
another methodology or mechanism I should be investigating? Am I stuck
with moving all user data into LDAP and requiring both Apache and Rails
to use it?
I looked at adding a simple DB lookup to a Mongrel handler, but for my
purposes the handler would run too late (i.e. after the entire HTTP body
is read). I need this authentication to run as soon as the header is
complete. Plus, the Mongrel docs are pretty clear in saying that
authentication should be handled outside Mongrel by a static HTTP
server, Mongrel isn’t all things to all people, it’s just a pure HTTP
Thanks for your input.