Hello I have 2 applications (1 normal, 1 Beast Forum) that set the session domain to be the same so that they can share information between them (they use the same database). However, i am not 100% clear on how I can expose the controller methods to each of them through normal HTTP Auth, and keep the normal acts_as_authenticated pieces in place at the same time? Is there a way to distinguish web-service calls through AWS from normal browser call and authenticate them differently ? Thanks Adam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 4 Jan 2008, at 16:18, AD wrote:> Hello > I have 2 applications (1 normal, 1 Beast Forum) that set the session > domain > to be the same so that they can share information between them (they > use the > same database). However, i am not 100% clear on how I can expose the > controller methods to each of them through normal HTTP Auth, and > keep the > normal acts_as_authenticated pieces in place at the same time? > > Is there a way to distinguish web-service calls through AWS from > normal > browser call and authenticate them differently ?I''ve done this in 2 ways: - Have the web service actions behind a filter that effectively says ''localhost only'' (or local subnet only if you have several machine on a private network) - Normal requests arrive on port 80, have a apache set an http header for you (eg ''EXTERNAL_REQUEST''), have web service requests arrive on some other port (eg 81) and don''t set that. Only allow web-service requests if EXTERNAL_REQUEST is not set (and let the firewall take care of not allowing anyone else query you on port 81) Fred --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks, the first option doest really work if the app and the WS need to use the same action. How do you actually handle authentication? I assume you dont use acts_as_authenticated, do you use this new http_authentication method? On Jan 4, 2008 11:33 AM, Frederick Cheung <frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > On 4 Jan 2008, at 16:18, AD wrote: > > > Hello > > I have 2 applications (1 normal, 1 Beast Forum) that set the session > > domain > > to be the same so that they can share information between them (they > > use the > > same database). However, i am not 100% clear on how I can expose the > > controller methods to each of them through normal HTTP Auth, and > > keep the > > normal acts_as_authenticated pieces in place at the same time? > > > > Is there a way to distinguish web-service calls through AWS from > > normal > > browser call and authenticate them differently ? > > I''ve done this in 2 ways: > - Have the web service actions behind a filter that effectively says > ''localhost only'' (or local subnet only if you have several machine on > a private network) > - Normal requests arrive on port 80, have a apache set an http header > for you (eg ''EXTERNAL_REQUEST''), have web service requests arrive on > some other port (eg 81) and don''t set that. Only allow web-service > requests if EXTERNAL_REQUEST is not set (and let the firewall take > care of not allowing anyone else query you on port 81) > > Fred > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 4 Jan 2008, at 16:36, AD wrote:> Thanks, the first option doest really work if the app and the WS > need to use the same action. >Ah I hadn''t got that> How do you actually handle authentication? I assume you dont use > acts_as_authenticated, do you use this new http_authentication method?I''ve got some home grown stuff (session stuff). It''s never for us the case that an action is accessed in both ways. I think what I outline below still helps. acts_as_authenticated gives you a login_required filter. You could instead have a filter that looks like def web_service_or_login login_required unless is_a_web_service_request? end Where is_a_web_service_request? determines whether the request is one from a webservice (possibly using one of the thigns I described). Fred> > > On Jan 4, 2008 11:33 AM, Frederick Cheung > <frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > On 4 Jan 2008, at 16:18, AD wrote: > > > Hello > > I have 2 applications (1 normal, 1 Beast Forum) that set the session > > domain > > to be the same so that they can share information between them (they > > use the > > same database). However, i am not 100% clear on how I can expose > the > > controller methods to each of them through normal HTTP Auth, and > > keep the > > normal acts_as_authenticated pieces in place at the same time? > > > > Is there a way to distinguish web-service calls through AWS from > > normal > > browser call and authenticate them differently ? > > I''ve done this in 2 ways: > - Have the web service actions behind a filter that effectively says > ''localhost only'' (or local subnet only if you have several machine on > a private network) > - Normal requests arrive on port 80, have a apache set an http header > for you (eg ''EXTERNAL_REQUEST''), have web service requests arrive on > some other port (eg 81) and don''t set that. Only allow web-service > requests if EXTERNAL_REQUEST is not set (and let the firewall take > care of not allowing anyone else query you on port 81) > > Fred > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---