Rails - Jul 2006 - Authentication & Authorisation - Whats the common approach?

Hi,

Just wondering what the most popular approach is for authentication and 
authorisation in a rails application that is deployed and fronted by 
apache?  Also when there are say a couple of rails apps being hosted.

Authentication
=============[1] Options would seem to include:
* Do it within rails/your app?  Use of a "before_filter" per the Rails
Recipes book
* Use of Apache to authenticator & define users?  (I''m just
assuming
this is an option).

[2] Also if you wanted to have users use multiple deployed rails apps on 
the same hosted site what mechanism is the most popular to leverage this 
(i.e. a standalone rails user management web app, use of apache etc?)

Authorisation
=============[3] I assume this would need to be implemented in the ruby app but 
either:
a) do it separately in each app (i.e. re-implement each time) OR
b) have a common user/role table that each deployed rails app hooks into 
- in this case whats the best mechanism to extract/abstract the code out 
of each rails application?

Cheers



-- 
Posted via http://www.ruby-forum.com/.

http://wiki.rubyonrails.org/rails/pages/Authentication

-- 
Posted via http://www.ruby-forum.com/.

Tks - i''ll read through this, but in particular I was keen to
understand
the most popular approach.

I''m also interested to see whether Ruby or Rails has some equivalent 
"external authentication/authorisation" approach like Java has with 
standard API calls like "isUserInRole" and declaritive security 
available.  I''ll start reading..  :)

Brez!  !! wrote:
> http://wiki.rubyonrails.org/rails/pages/Authentication

-- 
Posted via http://www.ruby-forum.com/.