there is a blog about it http://www.realityforge.org/articles/2005/11/12/aaa_in_rails There are so many Authentication/Authorization/Auditing generators now, just like the situation in java's world, Too many components doing the samething just make me confusion. Why not add one to rails core lib and everybody can extend it for their requirement ?
on 2005-12-21 03:50
on 2005-12-21 04:05
Or perhaps the authors of the generators could get together, decide on a "core" and provide extension points that build off of one code base? --Ryan ----- Original Message ----- From: "cap" <email@example.com> To: <firstname.lastname@example.org> Sent: Tuesday, December 20, 2005 9:50 PM Subject: [Rails] Too many login generators?
on 2005-12-21 05:59
On 12/20/05, cap <email@example.com> wrote: > there is a blog about it > > http://www.realityforge.org/articles/2005/11/12/aaa_in_rails > > There are so many Authentication/Authorization/Auditing generators now, > just like the situation in java's world, Too many components doing the > samething just make me confusion. Why not add one to rails core lib and > everybody can extend it for their requirement ? AAA is a domain-level problem, not an infrastructure one. The reason Rails core doesn't have this kind of framework is the same reason there are so many third party components for it: there's no single solution that suits most applications. -- sam
on 2005-12-21 08:26
Very True... Is there any we can generalize it into a standard interface, with multiple backbone implementations? Having a Core authentication mechanism is a really awesome (powerful) idea, but hard to generalize. If we can make it so that they just snap in the right out right out of box... that is an improvement. Thanks Justin
on 2005-12-22 03:21
> If we can make it so that they just snap in the right out right out of > box... that is an improvement. It certainly takes people much smarter than us in the core team. As I've said many times before, I haven't even been able to abstract authentication and user schemes within 37signals. So I would step within a 100 miles of trying to extract something that could work for "most people, most of the time". Note: This doesn't preclude that it can be done. Just that the creators of Rails are not skilled enough to do it. -- David Heinemeier Hansson http://www.loudthinking.com -- Broadcasting Brain http://www.basecamphq.com -- Online project management http://www.backpackit.com -- Personal information manager http://www.rubyonrails.com -- Web-application framework
on 2005-12-22 11:41
David Heinemeier Hansson wrote: > >Note: This doesn't preclude that it can be done. Just that the >creators of Rails are not skilled enough to do it. > > Have you admired the presentations from MS about ASP 2.0 and all this kind of stuff? They have some huge overloaded class model which seems to provide authentication and "preference" features included as standard, but you can still wire it to any database model of your choice. There *may* be some clues in how they do it in order to abstract something for inclusion in Rails. Of course it will never fit everyones models exactly, but then again Rails has a function called "form" which generates a basic HTML form from a record and that will rarely suit everyone's taste either... I think that having some "approved" auth functions in Rails would be a useful start - it would get more feedback and might help crystalise the "correct" model. Probably the "answer" is something like a role based model with support for adding auth into the model objects as well as the controller. Currently this spans several topics on the wiki and would ideally be integrated into a single debugged framework I hope someone runs with this. As a beginner I really need an Auth class that I can just plug in. Of course I expect to drop it and rewrite it as the app grows, but it would be nice to make my mistakes quickly and easily from something fairly well debugged and supported on the Rails mailing list Ed W
on 2005-12-22 14:41
> I hope someone runs with this. As a beginner I really need an Auth > class that I can just plug in. Of course I expect to drop it and > rewrite it as the app grows, but it would be nice to make my mistakes > quickly and easily from something fairly well debugged and supported on > the Rails mailing list May I humbly suggest the acts_as_authenticated generator? It's written with the assumption that you will generate it once and tweak it as necessary. All the code is generated as 'first class citizens' of your app, not hiding behind some library with a custom configuration scheme you have to learn. I hope that it can even serve as a little tutorial on how authentication should work in Rails. It's really just an updated version of xal's login_generator, which taught me a lot about Rails when I was just starting out. ./script/plugin discover # add the techno-weenie.net repository ./script/plugin install acts_as_authenticated -- rick http://techno-weenie.net
on 2005-12-22 17:17
Rick Olson wrote: >it as necessary. All the code is generated as 'first class citizens' >of your app, not hiding behind some library with a custom >configuration scheme you have to learn. I hope that it can even serve >as a little tutorial on how authentication should work in Rails. It's >really just an updated version of xal's login_generator, which taught >me a lot about Rails when I was just starting out. > > I agree that it's a very good start. I have just been browsing the code and haven't tried it yet. For me it doesn't help me solve protecting the model (which is covered in some other ideas and basically boils down to some helper classes). It also would ideally be built around thinking in terms of roles as well as users. This still leaves the issue of row level security unsolved, but I haven't seen a good generic way to handle that anyway Why don't you consider merging some of the framework that helps secure the model into this framework? There was an interested article about it on the rails wiki? Also I can't immediately see why you wouldn't want to make most of this an engine? Given that one wants to benefit from improvements in the helper methods, yet also override large chunks of code to fit the application at hand then this seems to be a good fit for an "engine"? Looks really promising, congrats Ed W
on 2006-04-05 22:27
I have the same problem as the original author - I'm looking for a simple login/auth system and wondering which of the many I should select. But let's face it, it's an emabarrasment of riches, not really a problem. So far the one I'm liking the best is ActiveRBAC. https://activerbac.turingstudio.com/trac/wiki I haven't used it (haven't used any) but I have read it's documentation. That alone is enough to make it my first choice: it has documentation! Not just RDOC, but a readable pdf which starts with a tutorial. Good work ActiveRBAC people. Has anyone tried this? How does it compare with other such plugins, engines, generators? I also saw this attempt, but it seems a bit younger and more general, though more powerful. http://www.billkatz.com/authorization I don't like the fact that the latter invents a DSL that is not written in ruby (it's parsed by ruby code - but with everything else in rails 100% ruby I think the author could have been a little less fastidious in their syntax) Anyway, I'd like to hear what Davd HH has to say about auth schemes he's seen and those he's worked on: What are the big differences between the various 37 signals apps' auth schemes? What do you think of ActiveRBAC? I note that it's implemented as a "Rails Engine" and there seems to be some discussion about that approach.
on 2006-04-06 04:22
I totally agree with DHH on this one. As someone that has used .NET's auth scheme, both new and old (EL), you don't have to get into it very far to find out there there's one thing in there that causes you problems. You spend so much time trying to work around this one issue that in the end you would have had a better implementation and something much more maintainable by just doing it from scratch. Somehow I never learn and I experienced exactly this situation on a recent project. First the Profiles didn't work the way we needed, and then their auth scheme wasn't quite enough to satisfy the client, and then... These types of things are great, or perceived as great, when you're just starting out, but in the end it's a "you can't get there from here" type scenario. I think the type of thing that Rick Olson is doing (act as authenticated) is a much better starter if you need a kick in the pants. Michael
on 2006-04-06 15:58
On Wed, Apr 05, 2006 at 10:27:23PM +0200, rhubarb wrote: > I have the same problem as the original author - I'm looking for a simple > login/auth system and wondering which of the many I should select. I'm pondering the same thing myself. I'm new to Rails and I'm working on converting my personal web site and a local canine agility group's web site from PHP to Rails. I've been planning to move from PHP to something better for quite a while now. I've looked a numerous options and fortunately at some point I came across Rails. The more I dig into Rails the more excited I get about leaving PHP behind. There are many, many features that I've put off adding to my sites while searching for an alternative to PHP. Now every time I turn around it seems I'm finding another Rails feature, plugin, generator, or engine to help implement features I want to add. > So far the one I'm liking the best is ActiveRBAC. > > https://activerbac.turingstudio.com/trac/wiki > > I haven't used it (haven't used any) but I have read it's documentation. > That alone is enough to make it my first choice: it has documentation! > Not just RDOC, but a readable pdf which starts with a tutorial. Good work > ActiveRBAC people. Your post is the first I heard of ActiveRBAC. I have to agree with you. The documentation gets an A in my book. Being new to Rails the tutorial section in the manual is a definite plus for me. And, the name makes me feel right at home. I work as an IBM mainframe operator. IBM loves acronyms. The shop I work in uses RACF(Resource Access Control Facility). > Has anyone tried this? How does it compare with other such plugins, > engines, generators? I would also like to hear from more experienced Rails folks about how ActiveRBAC compares to other such plugins, engines, and/or generators. I certainly don't want to base my choice for something as important as an authentication system on good documentation alone. Kevin http://www.RawFedDogs.net http://www.WacoAgilityGroup.org Bruceville, TX
on 2006-04-07 15:53
Rails Enthusiasts, On Thu, Apr 06, 2006 at 08:55:27AM -0500, Kevin Monceaux wrote: > I would also like to hear from more experienced Rails folks about how > ActiveRBAC compares to other such plugins, engines, and/or generators. I > certainly don't want to base my choice for something as important as an > authentication system on good documentation alone. Well, I guess I'll have to answer my own post. As I suspected ActiveRBAC's documentation was too good to be true. I tried following the ActiveRBAC tutorial on both Rails 1.0.0 and 1.1.0 without success. After trying ActiveRBAC I gave acts_as_authenticated a try. It's documentation is minimal but unlike ActiveRBAC it works. Works + minimal documentation beats great documentation + doesn't work hands down. Then, I came across a few threads on the advantages of creating one's own custom authentication system over using a plugin/engine. Between the authentication examples in AWDWR and going through a little of acts_as_authenticated's code I think I'm feeling more confident about creating a custom authentication system for my web apps. Kevin http://www.RawFedDogs.net http://www.WacoAgilityGroup.org Bruceville, TX
on 2006-04-07 23:29
I came to exactly the same conclusion. I'm going to use acts_as_authenticated as a guide to implement login authentication, and I am going to use the chapter on role based authentication from the Rails Recipe Book to do my own RBAC. Liberally borrowing from ideas from the UserEngine, which I like but was too buggy to rely on.
on 2006-04-11 00:05
Well, unlike others, I got the ActiveRBAC tutorial to work just fine in Rails 1.0. I had an issue with it when I upgraded to Rails 1.1. The Login controller was barfing when trying to use the User model. After a few days, I found a blurb in the ARBAC wiki about putting in a model :user line into application.rb for another problem, so I tried that and that magically fixed it all, at least with the ARBAC demo. I did post a bug about this, and there is a naming conflict within Active_RBAC that seems to expose itself in Rails 1.1 (from e-mails from a couple of ARBAC developers). Now the next thing to work on is explore with registration (how does one get it to shoot out e-mails?) and groups. Does anyone have any UML-ish diagrams of program flow in a typical Rails application? How does one model a Mix-in in UML? -Corey