Rails - Dec 2005 - Too many login generators?

there is a blog about it

http://www.realityforge.org/articles/2005/11/12/aaa_in_rails

There are so many Authentication/Authorization/Auditing generators now, 
just like the situation in java''s world, Too many components doing the 
samething just make me confusion. Why not add one to rails core lib and 
everybody can extend it for their requirement ?





-- 
Posted via http://www.ruby-forum.com/.

Or perhaps the authors of the generators could get together, decide on a 
"core" and provide extension points that build off of one code base?

--Ryan
----- Original Message ----- 
From: "cap" <capitain-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: <rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org>
Sent: Tuesday, December 20, 2005 9:50 PM
Subject: [Rails] Too many login generators?

> there is a blog about it
>
> http://www.realityforge.org/articles/2005/11/12/aaa_in_rails
>
> There are so many Authentication/Authorization/Auditing generators now,
> just like the situation in java''s world, Too many components doing
the
> samething just make me confusion. Why not add one to rails core lib and
> everybody can extend it for their requirement ?
>
>
>
>
>
> -- 
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

On 12/20/05, cap <capitain-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> there is a blog about it
>
> http://www.realityforge.org/articles/2005/11/12/aaa_in_rails
>
> There are so many Authentication/Authorization/Auditing generators now,
> just like the situation in java''s world, Too many components doing
the
> samething just make me confusion. Why not add one to rails core lib and
> everybody can extend it for their requirement ?
AAA is a domain-level problem, not an infrastructure one.  The reason
Rails core doesn''t have this kind of framework is the same reason
there are so many third party components for it: there''s no single
solution that suits most applications.

--
sam

Very True... Is there any we can generalize it into a standard interface,
with multiple backbone implementations?  Having a Core authentication
mechanism is a really awesome (powerful) idea, but hard to generalize.  

If we can make it so that they just snap in the right out right out of
box... that is an improvement.

Thanks

Justin

-----Original Message-----
From: rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
[mailto:rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org] On
Behalf Of Sam Stephenson
Sent: Tuesday, December 20, 2005 10:57 PM
To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: Re: [Rails] Too many login generators?

On 12/20/05, cap <capitain-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> there is a blog about it
>
> http://www.realityforge.org/articles/2005/11/12/aaa_in_rails
>
> There are so many Authentication/Authorization/Auditing generators now,
> just like the situation in java''s world, Too many components doing
the
> samething just make me confusion. Why not add one to rails core lib and
> everybody can extend it for their requirement ?
AAA is a domain-level problem, not an infrastructure one.  The reason
Rails core doesn''t have this kind of framework is the same reason
there are so many third party components for it: there''s no single
solution that suits most applications.

--
sam
_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

> If we can make it so that they just snap in the right out right out of
> box... that is an improvement.
It certainly takes people much smarter than us in the core team. As
I''ve said many times before, I haven''t even been able to
abstract
authentication and user schemes within 37signals. So I would step
within a 100 miles of trying to extract something that could work for
"most people, most of the time".

Note: This doesn''t preclude that it can be done. Just that the
creators of Rails are not skilled enough to do it.
--
David Heinemeier Hansson
http://www.loudthinking.com -- Broadcasting Brain
http://www.basecamphq.com   -- Online project management
http://www.backpackit.com   -- Personal information manager
http://www.rubyonrails.com  -- Web-application framework

David Heinemeier Hansson wrote:
>>If we can make it so that they just snap in the right out right out of
>>box... that is an improvement.
>>    
>>
>
>It certainly takes people much smarter than us in the core team. As
>I''ve said many times before, I haven''t even been able to
abstract
>authentication and user schemes within 37signals. So I would step
>within a 100 miles of trying to extract something that could work for
>"most people, most of the time".
>
>Note: This doesn''t preclude that it can be done. Just that the
>creators of Rails are not skilled enough to do it.
>  
>
Have you admired the presentations from MS about ASP 2.0 and all this 
kind of stuff?  They have some huge overloaded class model which seems 
to provide authentication and "preference" features included as 
standard, but you can still wire it to any database model of your choice.

There *may* be some clues in how they do it in order to abstract 
something for inclusion in Rails.  Of course it will never fit everyones 
models exactly, but then again Rails has a function called "form"
which
generates a basic HTML form from a record and that will rarely suit 
everyone''s taste either... 

I think that having some "approved" auth functions in Rails would be a
useful start - it would get more feedback and might help crystalise the 
"correct" model.  Probably the "answer" is something like a
role based
model with support for adding auth into the model objects as well as the 
controller.  Currently this spans several topics on the wiki and would 
ideally be integrated into a single debugged framework

I hope someone runs with this.  As a beginner I really need an Auth 
class that I can just plug in.  Of course I expect to drop it and 
rewrite it as the app grows, but it would be nice to make my mistakes 
quickly and easily from something fairly well debugged and supported on 
the Rails mailing list

Ed W

> I hope someone runs with this.  As a beginner I really need an Auth
> class that I can just plug in.  Of course I expect to drop it and
> rewrite it as the app grows, but it would be nice to make my mistakes
> quickly and easily from something fairly well debugged and supported on
> the Rails mailing list
May I humbly suggest the acts_as_authenticated generator?  It''s
written with the assumption that you will generate it once and tweak
it as necessary.  All the code is generated as ''first class
citizens''
of your app, not hiding behind some library with a custom
configuration scheme you have to learn.  I hope that it can even serve
as a little tutorial on how authentication should work in Rails.  It''s
really just an updated version of xal''s login_generator, which taught
me a lot about Rails when I was just starting out.

./script/plugin discover # add the techno-weenie.net repository
./script/plugin install acts_as_authenticated

--
rick
http://techno-weenie.net

Rick Olson wrote:
>>I hope someone runs with this.  As a beginner I really need an Auth
>>class that I can just plug in.  Of course I expect to drop it and
>>rewrite it as the app grows, but it would be nice to make my mistakes
>>quickly and easily from something fairly well debugged and supported on
>>the Rails mailing list
>>    
>>
>
>May I humbly suggest the acts_as_authenticated generator?  It''s
>written with the assumption that you will generate it once and tweak
>it as necessary.  All the code is generated as ''first class
citizens''
>of your app, not hiding behind some library with a custom
>configuration scheme you have to learn.  I hope that it can even serve
>as a little tutorial on how authentication should work in Rails. 
It''s
>really just an updated version of xal''s login_generator, which
taught
>me a lot about Rails when I was just starting out.
>  
>
I agree that it''s a very good start.  I have just been browsing the
code
and haven''t tried it yet.

For me it doesn''t help me solve protecting the model (which is covered 
in some other ideas and basically boils down to some helper classes).  
It also would ideally be built around thinking in terms of roles as well 
as users.  This still leaves the issue of row level security unsolved, 
but I haven''t seen a good generic way to handle that anyway

Why don''t you consider merging some of the framework that helps secure 
the model into this framework?  There was an interested article about it 
on the rails wiki?

Also I can''t immediately see why you wouldn''t want to make
most of this
an engine?  Given that one wants to benefit from improvements in the 
helper methods, yet also override large chunks of code to fit the 
application at hand then this seems to be a good fit for an "engine"?

Looks really promising, congrats

Ed W

I have the same problem as the original author - I''m looking for a 
simple login/auth system and wondering which of the many I should 
select.

But let''s face it, it''s an emabarrasment of riches, not really
a
problem.

So far the one I''m liking the best is ActiveRBAC.

https://activerbac.turingstudio.com/trac/wiki

I haven''t used it (haven''t used any) but I have read
it''s documentation.
That alone is enough to make it my first choice: it has documentation! 
Not just RDOC, but a readable pdf which starts with a tutorial. Good 
work ActiveRBAC people.

Has anyone tried this? How does it compare with other such plugins,
engines, generators?

I also saw this attempt, but it seems a bit younger and more general, 
though more powerful.

http://www.billkatz.com/authorization

I don''t like the fact that the latter invents a DSL that is not written
in ruby (it''s parsed by ruby code - but with everything else in rails 
100% ruby I think the author could have been a little less fastidious in 
their syntax)

Anyway, I''d like to hear what Davd HH has to say about auth schemes
he''s
seen and those he''s worked on:
What are the big differences between the various 37 signals apps'' auth 
schemes?

What do you think of ActiveRBAC?

I note that it''s implemented as a "Rails Engine" and there
seems to be
some discussion about that approach.

-- 
Posted via http://www.ruby-forum.com/.

I totally agree with DHH on this one.  As someone that has used .NET''s
auth scheme, both new and old (EL), you don''t have to get into it very
far to find out there there''s one thing in there that causes you
problems.  You spend so much time trying to work around this one issue
that in the end you would have had a better implementation and
something much more maintainable by just doing it from scratch.

Somehow I never learn and I experienced exactly this situation on a
recent project.  First the Profiles didn''t work the way we needed, and
then their auth scheme wasn''t quite enough to satisfy the client, and
then...  These types of things are great, or perceived as great, when
you''re just starting out, but in the end it''s a "you
can''t get there
from here" type scenario.

I think the type of thing that Rick Olson is doing (act as
authenticated) is a much better starter if you need a kick in the
pants.

Michael

On Wed, Apr 05, 2006 at 10:27:23PM +0200, rhubarb wrote:
> I have the same problem as the original author - I''m looking for a
simple
> login/auth system and wondering which of the many I should select.
I''m pondering the same thing myself.  I''m new to Rails and
I''m working on
converting my personal web site and a local canine agility group''s web
site
from PHP to Rails.  I''ve been planning to move from PHP to something
better
for quite a while now.  I''ve looked a numerous options and fortunately
at
some point I came across Rails.  The more I dig into Rails the more excited
I get about leaving PHP behind.  There are many, many features that
I''ve put
off adding to my sites while searching for an alternative to PHP.  Now every
time I turn around it seems I''m finding another Rails feature, plugin,
generator, or engine to help implement features I want to add.
> So far the one I''m liking the best is ActiveRBAC.
> 
> https://activerbac.turingstudio.com/trac/wiki
> 
> I haven''t used it (haven''t used any) but I have read
it''s documentation.
> That alone is enough to make it my first choice: it has documentation!
> Not just RDOC, but a readable pdf which starts with a tutorial. Good work
> ActiveRBAC people.
Your post is the first I heard of ActiveRBAC.  I have to agree with you.
The documentation gets an A in my book.  Being new to Rails the tutorial
section in the manual is a definite plus for me.  And, the name makes me
feel right at home.  I work as an IBM mainframe operator.  IBM loves
acronyms.  The shop I work in uses RACF(Resource Access Control Facility).
> Has anyone tried this? How does it compare with other such plugins,
> engines, generators?
I would also like to hear from more experienced Rails folks about how
ActiveRBAC compares to other such plugins, engines, and/or generators.  I
certainly don''t want to base my choice for something as important as an
authentication system on good documentation alone.



Kevin
http://www.RawFedDogs.net
http://www.WacoAgilityGroup.org
Bruceville, TX

Rails Enthusiasts,

On Thu, Apr 06, 2006 at 08:55:27AM -0500, Kevin Monceaux wrote:
 
> I would also like to hear from more experienced Rails folks about how
> ActiveRBAC compares to other such plugins, engines, and/or generators.  I
> certainly don''t want to base my choice for something as important
as an
> authentication system on good documentation alone.
Well, I guess I''ll have to answer my own post.  As I suspected
ActiveRBAC''s
documentation was too good to be true.  I tried following the ActiveRBAC
tutorial on both Rails 1.0.0 and 1.1.0 without success.  After trying
ActiveRBAC I gave acts_as_authenticated a try.  It''s documentation is
minimal but unlike ActiveRBAC it works.  Works + minimal documentation beats
great documentation + doesn''t work hands down.  Then, I came across a
few
threads on the advantages of creating one''s own custom authentication
system
over using a plugin/engine.  Between the authentication examples in AWDWR
and going through a little of acts_as_authenticated''s code I think
I''m
feeling more confident about creating a custom authentication system for my
web apps.  


Kevin
http://www.RawFedDogs.net
http://www.WacoAgilityGroup.org
Bruceville, TX

I came to exactly the same conclusion.

I''m going to use acts_as_authenticated as a guide to implement login
authentication, and I am going to use the chapter on role based
authentication from the Rails Recipe Book to do my own RBAC. Liberally
borrowing from ideas from the UserEngine, which I like but was too buggy
to rely on.


Kevin Monceaux wrote:
> Rails Enthusiasts,
>
> On Thu, Apr 06, 2006 at 08:55:27AM -0500, Kevin Monceaux wrote:
>  
>   
>> I would also like to hear from more experienced Rails folks about how
>> ActiveRBAC compares to other such plugins, engines, and/or generators. 
I
>> certainly don''t want to base my choice for something as
important as an
>> authentication system on good documentation alone.
>>     
>
> Well, I guess I''ll have to answer my own post.  As I suspected
ActiveRBAC''s
> documentation was too good to be true.  I tried following the ActiveRBAC
> tutorial on both Rails 1.0.0 and 1.1.0 without success.  After trying
> ActiveRBAC I gave acts_as_authenticated a try.  It''s documentation
is
> minimal but unlike ActiveRBAC it works.  Works + minimal documentation
beats
> great documentation + doesn''t work hands down.  Then, I came
across a few
> threads on the advantages of creating one''s own custom
authentication system
> over using a plugin/engine.  Between the authentication examples in AWDWR
> and going through a little of acts_as_authenticated''s code I think
I''m
> feeling more confident about creating a custom authentication system for my
> web apps.  
>
>
> Kevin
> http://www.RawFedDogs.net
> http://www.WacoAgilityGroup.org
> Bruceville, TX
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>
>

Well, unlike others, I got the ActiveRBAC tutorial to work just fine
in Rails 1.0. I had an issue with it when I upgraded to Rails 1.1. The
Login controller was barfing when trying to use the User model. After
a few days, I found a blurb in the ARBAC wiki about putting in a

model :user

line into application.rb for another problem, so I tried that and that
magically fixed it all, at least with the ARBAC demo. I did post a bug
about this, and there is a naming conflict within Active_RBAC that
seems to expose itself in Rails 1.1 (from e-mails from a couple of
ARBAC developers).

Now the next thing to work on is explore with registration (how does
one get it to shoot out e-mails?) and groups.

Does anyone have any UML-ish diagrams of program flow in a typical
Rails application?
How does one model a Mix-in in UML?

-Corey

On 4/5/06, rhubarb <rover.rhubarb@gmail.com>
wrote:
> I have the same problem as the original author - I''m looking for a
> simple login/auth system and wondering which of the many I should
> select.
>
> But let''s face it, it''s an emabarrasment of riches, not
really a
> problem.
>
> So far the one I''m liking the best is ActiveRBAC.
>
> https://activerbac.turingstudio.com/trac/wiki
>
> I haven''t used it (haven''t used any) but I have read
it''s documentation.
> That alone is enough to make it my first choice: it has documentation!
> Not just RDOC, but a readable pdf which starts with a tutorial. Good
> work ActiveRBAC people.
>
> Has anyone tried this? How does it compare with other such plugins,
> engines, generators?
>
> I also saw this attempt, but it seems a bit younger and more general,
> though more powerful.
>
> http://www.billkatz.com/authorization
>
> I don''t like the fact that the latter invents a DSL that is not
written
> in ruby (it''s parsed by ruby code - but with everything else in
rails
> 100% ruby I think the author could have been a little less fastidious in
> their syntax)
>
> Anyway, I''d like to hear what Davd HH has to say about auth
schemes he''s
> seen and those he''s worked on:
> What are the big differences between the various 37 signals apps''
auth
> schemes?
>
> What do you think of ActiveRBAC?
>
> I note that it''s implemented as a "Rails Engine" and
there seems to be
> some discussion about that approach.
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>