Authentication for one Section of Site

I’ve got a set of pages that I want to require authentication on.

Any suggestions on how to handle authentication on those pages?

Thanks-
Michael

If your needs are small, you could set up your webserver to demand
HTTP authentication on those paths.

Sean

Right, that probably would be the easiest.

I do like the idea of it all being in Ruby so you can just drop the
app on a server and go.

I think I could write an Extension to do this:

  • Extension action: process user/pass values, if valid sets session
    variable
  • Extension action: removes session variable
  • Extension has tag <r:auth:if_loggedin>mycontent</r:auth:if_loggedin>
  • Extension has tag <r:auth:unless_loggedin>go
    away</r:auth:unless_loggedin>

I would prefer to make it redirect w/flash message if you weren’t
authenticated. However I’m not quite sure how to do a redirect from a
class that extends Page?

Thanks for the response, and if there are any other ideas I’d love to
hear them.

-Michael

Michael J. wrote:

> I do like the idea of it all being in Ruby so you can just drop the
> app on a server and go.
>
> I think I could write an Extension to do this:
>
>   • Extension action: process user/pass values, if valid sets session variable
>   • Extension action: removes session variable
>   • Extension has tag <r:auth:if_loggedin>mycontent</r:auth:if_loggedin>
>   • Extension has tag <r:auth:unless_loggedin>go away</r:auth:unless_loggedin>

The above would require that you maintain session state for each Web
site visitor, something that Radiant wasn’t designed to support out of
the box. It is probably possible to write an extension that would work
around this problem, but you may find it difficult.


John

Well all, I’m back :wink:

Anyways, just a quick question. I remember discussion about caching
still being hashed out for 0.6.0. My question is that I want to move
to 0.6.0, but my concern is caching. I have a LOT of traffic now and
don’t think my host would be thrilled with pegging the CPU and I hope
there is caching in place.

Thanks!

Andrew

Thanks for the note John, I see the sessions are turned off:

    class SiteController < ApplicationController
      session :off

    end

I guess having sessions off provides better performance?

I think sessions would be needed for doing any sort of
ecomm/loggedin/user type extensions.

Guess I’ll go with basic auth for now.

Thanks-
Michael

> Well all, I’m back :wink:
>
> Anyways, just a quick question. I remember discussion about caching
> still being hashed out for 0.6.0. My question is that I want to move
> to 0.6.0, but my concern is caching. I have a LOT of traffic now and
> don’t think my host would be thrilled with pegging the CPU and I hope
> there is caching in place.

Caching in 0.6.0 is pretty much the same mechanism as caching in 0.5.2 -
though there have been some performance improvements, if you’re currently
running 0.5.2, you should see a drop in cpu usage.

The figures in this email:

http://lists.radiantcms.org/pipermail/radiant-core/2007-January/000244.html

show the performance of the new caching mechanism - that’s running on an
AMD Athlon 1700 with 512mb RAM running apache2 with 2 fastcgid processes
(but the machine was also running a bunch of other processes, so the
figures may be slightly low).

If your host supports xsendfile (typically only if you’re using a
VPS/dedicated server and you’ve installed it yourself or they run
lighttpd), you can have performance only 4-8x slower than raw apache -
that’s quite good performance.

Dan.

> I guess having sessions off provides better performance?
>
> I think sessions would be needed for doing any sort of
> ecomm/loggedin/user type extensions.
>
> Guess I’ll go with basic auth for now.

Yes, it would provide slightly better performance, but the main problem
with sessions is that they would completely break the caching model of
radiant (radiant caches the headers of the requests, which would include
any cookie settings for the session).

If you want session enabled pages, I’d say to pump them through another
controller:

    class RestrictedController < ApplicationController
      # Sessions are enabled only for this controller; SiteController keeps them off.
      session :on
      no_login_required

      attr_accessor :config, :cache

      def initialize
        @config = Radiant::Config
        @cache = ResponseCache.instance
      end

      def show_page
        # Assumption: the glob route supplies params[:url]; join it into a path string.
        url = Array(params[:url]).join('/')
        # Assumption: a find_page helper like SiteController's is available here.
        @page = find_page("restricted/#{url}")
        unless @page.nil?
          @page.process(request, response)
          @performed_render = true
        else
          render :template => 'site/not_found', :status => 404
        end
      rescue Page::MissingRootPageError
        redirect_to welcome_url
      end
    end

    define_routes do |map|
      map.with_options(:controller => 'restricted') do |restricted|
        restricted.connect 'restricted/*url', :action => 'show_page'
      end
    end

Something like that anyway.

Dan.
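
The header-caching problem described in the reply above, as an added example that is not part of the original thread and is not Radiant's code: a toy response cache that stores headers together with the body replays the first visitor's session cookie to every later visitor, while a variant that refuses to store responses carrying Set-Cookie does not. All class and method names and the sample URL are hypothetical.

```ruby
require 'securerandom'

# Toy whole-response cache keyed by URL (hypothetical stand-in for a
# page cache that stores response headers along with the body).
class NaiveCache
  def initialize; @store = {}; end

  def fetch(url)
    @store[url] ||= yield   # status, headers and body are cached as one unit
  end
end

# Hardened variant: a response that sets a cookie is served but never stored.
class CookieAwareCache < NaiveCache
  def fetch(url)
    return @store[url] if @store.key?(url)
    resp = yield
    @store[url] = resp unless resp[:headers].key?('Set-Cookie')
    resp
  end
end

# Constructed app: renders a page and issues a fresh session id per render.
def render_with_session(url)
  { status: 200,
    headers: { 'Content-Type' => 'text/html',
               'Set-Cookie' => "_session_id=#{SecureRandom.hex(16)}; path=/" },
    body: "<h1>#{url}</h1>" }
end

# Serve the same URL to n visitors; return the Set-Cookie each one receives.
def cookies_served(cache, url, n)
  Array.new(n) do
    resp = cache.fetch(url) { render_with_session(url) }
    resp[:headers]['Set-Cookie']
  end
end

# Count how many distinct session cookies three visitors end up with.
def demo
  naive = cookies_served(NaiveCache.new, '/restricted/report', 3)
  safe  = cookies_served(CookieAwareCache.new, '/restricted/report', 3)
  { naive_unique: naive.uniq.size, safe_unique: safe.uniq.size }
end

puts demo.inspect if __FILE__ == $0
```

With the naive cache all three visitors share one session id, which is why session-enabled pages need to bypass the page cache or have cookie headers excluded from what is stored.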