Using aspects to apply authentication

Greeting. I was wondering if anyone is using AOP (Aspect Oriented
Programming) to ensure login and authentication before allowing someone
access to controllers and models.

I found two versions of RCR 321 that discuss cut-based AOP, but as far
as I can tell there isn’t an implementation of the RCR as an AOP

Additionally, I tried to dig up information on Aspect4r and AspectR.
Aspect4r is a no-who. Aspect4 is out on SourceForge, but it doesn’t
appear to be an active project.

The problem I want to solve is eleminating boiler-plate code from
controllers and models that ensures a user is logged in and has rights
to access a controller or model.

This has to be a problem others are confronting and have already solved.
What approach is usually used? Does the Salt Login engine do this?

Does anyone use AOP?

Cody S. wrote:

“Aspect4r is a no-who.”

DOH! Make that “Aspect4r is a no-show” :o)

As I understand AOP, using :before_filter to “drop in” user
authentication is a classic case of AOP in action. This is a common
approach to that specific task; it redirects your app to a block of
code whenever a controller is accessed.

Similarly, using :after_filter to “drop in” logging would be another
case of following AOP practices in Rails. It’s probably not as common
as before_filter authentication, but I suspect a lot of people are
implementing logging in this fashion.

Authentication and logging are the two classic use cases for AOP,
although there’s obviously many others. However, I’d say support for
AOP is built into Rails via :before_filter and :after_filter, is
widely used, and there’s (possibly) no need to look at external
AOP/Ruby libraries for many/most AOP-style requirements.

Does this answer your question?


Dave M.

Yes it does. That isn’t a lot of code to add to a controller for the
functionality you get, and it just adds one more reason to love RoR.