(In other words, ssl_required and
ssl_allowed could not be module methods of SslRequirement, because they would not
be added as class methods of the controller class.)
The second thing that SslRequirement.included does is to set up a before_filter on
the controller to enforce the SSL requirement. This filter redirects to the proper http://
or https:// URL, depending on the logic declared by the class methods.
HTTP Authentication
The final plugin we will examine is the http_authentication plugin, which allows
you to protect certain actions in an application by HTTP Basic authentication (currently,
Digest authentication is stubbed out but not implemented).
The HTTP Authentication plugin is very straightforward; the most common interface
is the ActionController class method authenticate_or_request_with_http_basic,
typically used in a before_filter on protected actions. That method takes as parameters
an authentication realm and a login procedure block that verifies the given
credentials. If the login procedure returns true, the action is allowed to continue. If the
login procedure returns false, the action is blocked and an HTTP 401 Unauthorized
status code is sent, with instructions on how to authenticate (a WWW-Authenticate
header). In that case, the browser will typically present the user with a login and
password prompt and allow three tries before displaying an "Unauthorized" page.
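The flow just described, as an added sketch in plain Ruby without Rails (not the plugin's source and not code from the book): basic_auth_gate is a hypothetical stand-in for authenticate_or_request_with_http_basic, and the credentials are constructed samples. The constant-time comparison in the login procedure is an addition that goes beyond what the text describes.

```ruby
require "digest"

# Constant-time comparison; hashing first makes both inputs the same length.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Parse an Authorization header value into [login, password], or nil.
def decode_basic_credentials(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  decoded = encoded.strip.unpack1("m0")     # strict Base64 decode
  login, password = decoded.split(":", 2)   # the password may contain ":"
  password ? [login, password] : nil
rescue ArgumentError                        # raised on malformed Base64
  nil
end

# Hypothetical stand-in for authenticate_or_request_with_http_basic.
# The block is the login procedure; returns [status, headers].
def basic_auth_gate(authorization_header, realm)
  creds = decode_basic_credentials(authorization_header)
  return [200, {}] if creds && yield(*creds)
  safe_realm = realm.delete('"')            # keep the quoted-string well formed
  [401, { "WWW-Authenticate" => %(Basic realm="#{safe_realm}") }]
end

# Constructed sample credentials for the demonstration.
LOGIN_PROCEDURE = lambda do |login, password|
  # Non-short-circuit & so both comparisons always run.
  secure_equal?(login, "admin") & secure_equal?(password, "s3cr:et")
end

# Build the header a browser would send after the user fills in the prompt.
def header_for(login, password)
  "Basic " + ["#{login}:#{password}"].pack("m0")
end

if __FILE__ == $PROGRAM_NAME
  p basic_auth_gate(header_for("admin", "s3cr:et"), "Admin", &LOGIN_PROCEDURE)
  p basic_auth_gate(nil, "Admin", &LOGIN_PROCEDURE)  # first request: challenge
end
```

Basic credentials are only Base64-encoded, not encrypted, so a gate like this belongs behind SSL, for example together with the ssl_required declaration from the SslRequirement plugin discussed earlier.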