For the part about securing your API methods, pretty much any of the
authorization plugins and engines out there can do this. You simply put
a check for authorization on the controllers or individual methods or
calls you want to protect. That's what they were written for.

However, many of the existing schemes, like LoginEngine/UserEngine, do
the logins through web forms. You may need one that does server auth or
will accept user credentials as part of the request. I'm sure some of
the other current ones already do this, or you could always look at the
code in Bruce Perens's unfortunately abandoned ModelSecurity generator,
which IIRC does server auth and can fall back to a webform.

It might just be easier to write your own authorization method, put it
in application.rb or application_helper.rb, and apply it as a
before_filter in the relevant controllers. Google's API, for instance,
simply seems to check a non-secret key against the IP address of the
host calling it, since they issue API accounts on a per-server basis.
Your needs may be different.

Manish Shah wrote:
> I want to set up an api for my web app, but I had a few questions on the
> best way to do this. I was hoping for some input from you experienced
> individuals and rails rock stars.
>
> 1) Is there a way to implement a login feature so that api methods
> can't be called without proper authorization? This is so I can log
> activity and use of the api from different people and so
--
Posted via http://www.ruby-forum.com/.
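
An added example, not part of the original post or of any plugin it names: one way to write the key-against-caller-IP check described in the reply as a method a `before_filter` can call, with every decision logged per client. The key table, the method names `check_api_caller` and `require_api_key`, and the addresses are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed sample data: API key => networks that key was issued to.
# A real app would keep this in a table (assumption).
API_CLIENTS = {
  'demo-key-server-a' => [IPAddr.new('192.0.2.10')],
  'demo-key-server-b' => [IPAddr.new('198.51.100.0/24')]
}.freeze

API_AUDIT_LOG = [] # stand-in for a real log sink

# Decide whether a call may proceed and record the decision.
# Returns :ok, :unknown_key, :bad_address or :wrong_host.
def check_api_caller(api_key, remote_ip)
  networks = API_CLIENTS[api_key.to_s]
  result =
    if networks.nil?
      :unknown_key
    else
      begin
        caller_ip = IPAddr.new(remote_ip.to_s)
        networks.any? { |net| net.include?(caller_ip) } ? :ok : :wrong_host
      rescue IPAddr::Error
        # Unparseable address: refuse rather than guess.
        :bad_address
      end
    end
  # Denied calls are logged too, so misuse of a key shows up in the audit trail.
  API_AUDIT_LOG << { key: api_key, ip: remote_ip, result: result }
  result
end

# Hypothetical filter body for application.rb; `params`, `request` and
# `render` are the usual Rails controller methods and are not defined here.
#
#   before_filter :require_api_key
#   def require_api_key
#     return true if check_api_caller(params[:api_key], request.remote_ip) == :ok
#     render :text => 'Forbidden', :status => 403
#     false
#   end
```

Because the key is not secret, the caller address carries the whole decision: if the app sits behind a proxy, make sure the address passed in comes from a trusted hop and not from a client-supplied forwarding header.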