In my webapp’s home page, I provide a login panel for users to login.
I don’t want my home page(the index action) to be accessed through SSL,
but I do want the login information submitted from the homepage’s login
panel to be SSL.
But if I don’t make my home page require SSL, user’s login info is
submited first through non-ssl request(non-securely), then the server
redirects the browser to submit the information through SSL.
Is there a way for me to generate the SSL-enabled link for login based
on my ssl_requirement configuration on login from the controller?
maybe override the link generation helper?
With that plugin you can configure SSL per action, and is integrated
with URL generation.
There’s a couple of things to note about it. There’s no API to
configure an entire controller as secure. I solved that with this
class method:
A controller makes this call to declare all their actions run
behind SSL.
The call must be put at the bottom of the code, so that the
public methods
are known and returned by public_instance_methods.
def self.this_controller_only_responds_to_https
include SecureActions
require_ssl *self.public_instance_methods(false).map(&:to_sym)
end
The other thing is that the plugin as of revision 14 expects explicit
controllers and actions in your calls to url_for (via link_to or
whatever). It looks up the pair in a table to figure out whether it
needs to select “https” as protocol. The attached patch fixes that.
El Jul 13, 2007, a las 1:23 PM, Xavier N.
escribió:
There’s a couple of things to note about it.
I forgot a third detail.
Secure actions are declared with the class method require_ssl in
controllers, so you need to load a controller to let the plugin know
his secure actions, if any.
OK, you know automatic class loading is triggered by const_missing in
Rails. Now let’s suppose /public/index has a link to /account/login,
when you start the server even in production mode the link in the
home won’t be secure until someone hits AccountController. And that
argument extends to all the links in the site. The protocol in their
generation needs to have the corresponding controller class loaded.
That’s why I force class preloading in environment.rb (or
production.rb if you prefer that file), like this towards the bottom
of the file:
if RAILS_ENV == ‘production’
USE_SSL = true
# Trigger controller class loading to execute SSL-related
# declarations, this way we have the correct links right away.
require ‘application’
ActionController::Routing.possible_controllers.each do |c|
# known to work without directories
“#{c.camelize}Controller”.constantize
end
end
I tried to force class loading at the end of my environemnt.rb file.
I got a nasty error: “A copy of AuthenticatedSystem has been removed
from the module tree but is still active!†whenever I try to access a
2nd page after I boot up webrick.
AuthenticatedSystem is from plugin acts_as_authenticated
If I remove the class loading part from my env.rb file, things are fine.
Is there another way to force the class loading?
Thanks.
Yaxm.
Xavier N. wrote:
El Jul 13, 2007, a las 1:23 PM, Xavier N.
escribi�:
There’s a couple of things to note about it.
I forgot a third detail.
Secure actions are declared with the class method require_ssl in
controllers, so you need to load a controller to let the plugin know
his secure actions, if any.
OK, you know automatic class loading is triggered by const_missing in
Rails. Now let’s suppose /public/index has a link to /account/login,
when you start the server even in production mode the link in the
home won’t be secure until someone hits AccountController. And that
argument extends to all the links in the site. The protocol in their
generation needs to have the corresponding controller class loaded.
That’s why I force class preloading in environment.rb (or
production.rb if you prefer that file), like this towards the bottom
of the file:
if RAILS_ENV == ‘production’
USE_SSL = true
# Trigger controller class loading to execute SSL-related
# declarations, this way we have the correct links right away.
require ‘application’
ActionController::Routing.possible_controllers.each do |c|
# known to work without directories
“#{c.camelize}Controller”.constantize
end
end
I found out that I can’t use “require” but need to use
“require_dependence” in my environment.rb file
require_dependency ‘application’
ActionController::Routing.possible_controllers.each do |c|
known to work without directories
“#{c.camelize}Controller”.constantize
end
Yaxm Y. wrote:
I tried to force class loading at the end of my environemnt.rb file.
I got a nasty error: “A copy of AuthenticatedSystem has been removed
from the module tree but is still active!†whenever I try to access a
2nd page after I boot up webrick.
AuthenticatedSystem is from plugin acts_as_authenticated
If I remove the class loading part from my env.rb file, things are fine.
Is there another way to force the class loading?
Thanks.
Yaxm.
Xavier N. wrote:
El Jul 13, 2007, a las 1:23 PM, Xavier N.
escribi�:
There’s a couple of things to note about it.
I forgot a third detail.
Secure actions are declared with the class method require_ssl in
controllers, so you need to load a controller to let the plugin know
his secure actions, if any.
OK, you know automatic class loading is triggered by const_missing in
Rails. Now let’s suppose /public/index has a link to /account/login,
when you start the server even in production mode the link in the
home won’t be secure until someone hits AccountController. And that
argument extends to all the links in the site. The protocol in their
generation needs to have the corresponding controller class loaded.
That’s why I force class preloading in environment.rb (or
production.rb if you prefer that file), like this towards the bottom
of the file:
if RAILS_ENV == ‘production’
USE_SSL = true
# Trigger controller class loading to execute SSL-related
# declarations, this way we have the correct links right away.
require ‘application’
ActionController::Routing.possible_controllers.each do |c|
# known to work without directories
“#{c.camelize}Controller”.constantize
end
end
I place the constanize codes at the bottom of my environment.rb file.
this error only happens when I use ‘require’ instead of
‘require_dependency’
ArgumentError (A copy of AuthenticatedSystem has been removed from the
module tree but is still active!):
/usr/lib/ruby/gems/1.8/gems/activesupport-1.4.4/lib/active_support/dependencies.rb:237:in load_missing_constant' /usr/lib/ruby/gems/1.8/gems/activesupport-1.4.4/lib/active_support/dependencies.rb:452:inconst_missing’
Xavier N. wrote:
On Feb 13, 2008, at 7:29 , Yaxm Y. wrote:
I found out that I can’t use “require” but need to use
“require_dependence” in my environment.rb file
require_dependency ‘application’
ActionController::Routing.possible_controllers.each do |c|
known to work without directories
“#{c.camelize}Controller”.constantize
end
That’s strange, what happended if you used “require”? Where do you
have that code? Which version of Rails is that?
– fxn
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.