Authentication & Authorisation - Whats the common approach?


Just wondering what the most popular approach is for authentication and
authorisation in a rails application that is deployed and fronted by
apache? Also when there are say a couple of rails apps being hosted.


[1] Options would seem to include:

  • Do it within rails/your app? Use of a “before_filter” per the Rails
    Recipes book
  • Use of Apache to authenticator & define users? (I’m just assuming
    this is an option).

[2] Also if you wanted to have users use multiple deployed rails apps on
the same hosted site what mechanism is the most popular to leverage this
(i.e. a standalone rails user management web app, use of apache etc?)


[3] I assume this would need to be implemented in the ruby app but
a) do it separately in each app (i.e. re-implement each time) OR
b) have a common user/role table that each deployed rails app hooks into

  • in this case whats the best mechanism to extract/abstract the code out
    of each rails application?


Tks - i’ll read through this, but in particular I was keen to understand
the most popular approach.

I’m also interested to see whether Ruby or Rails has some equivalent
“external authentication/authorisation” approach like Java has with
standard API calls like “isUserInRole” and declaritive security
available. I’ll start reading… :slight_smile:

Brez! !! wrote: