Securing URL with Rails

Joshua_Jackson · June 24, 2008, 12:50pm

Dear all,

How do we secure URL with rails? So only authenticated and authorized
users allowed to view certain URL. Is there any configuration that I
must set for this?

Many thanks

Joshua_Jackson · June 24, 2008, 1:35pm

Joshua Jackson wrote:

Dear all,

How do we secure URL with rails? So only authenticated and authorized
users allowed to view certain URL. Is there any configuration that I
must set for this?

Many thanks

Well i guess its not the url but the method which needs to be
secured…say suppose the edit page which is accessible only to the admin
so in the method u can define that the logged in user should be
admin…and thats how u can put restriction on the user to access that
particular path / url

Hope this helps

Thanks

Dhaval P.
Software Engineer
Ruby on Rails
www.railshouse.com
sales(AT)railshouse(DOT)com

Joshua_Jackson · June 24, 2008, 4:31pm

Hi guys,

First of all thanks very much for the response. But since I have no
experience with Rails yet, could anyone give me a sample code? Also
I’ve heard about restful_authentification are able to do this? Does
anyone know where can I get it? I’ve used gem but ended with no luck.

Many thanks,

Joshua_Jackson · June 24, 2008, 3:53pm

Dhaval’s right. small addition to his reply:

if you wanna secure a whole part of your url (speak yoururl/admin/*
for example) it’s probably the best to put

“before_filter :validate_login” and the implementation of your
validate_login-method

either into a specific-controller to secure this part of your webapp
(i.e. admin_controller.rb),
or into the application_controller.rb to secure your whole app.

That way Rails is always calling your validate_login-method before
calling the actual action.

Hope this works!

Good luck! Simon

On Jun 24, 1:35 pm, Dhaval P. [email protected]

Joshua_Jackson · June 24, 2008, 9:20pm

Joshua,

There are plugin available that make this very easy to accomplish. My
personal favorite, and the one I use for all my projects is
restful_authentication.

http://agilewebdevelopment.com/plugins/restful_authentication

Very easy to get started using this plugin and will give you the
functionality that you’re looking for. Begin by reading the README
included with the plugin. Then take a look at the files that get added
to your ./lib directory of your project for more details.