Post on 18-May-2015
RIRUG http://rirug.com
Common Web App Needs
• A User
• A way to associate requests with that user
Many Current Auth Solutions
• RESTful Authentication
• AuthLogic
• Clearance
• OpenID
• HTTP Auth
• LDAP
• CAS
• Roll Your Own
Rack
Rails 2.3 introduced Rack compatibility.
Rails 3 is Rack dependent.
Rack allows for modular application design.
How Does This Affect Authentication?
• Rack allows for “mountable apps”
• Rails middleware
• Rails metal
Current Authentication Systems Will Conflict Between Apps
Warden
• Injects a lazy proxy into the request
• Proxy follows around the request
• Does nothing until asked
• Authenticates requests for any kind of “user”
• Provides a mechanism for authentication
• Available to all downstream Rack parts
Authentication Logic
• Strategy Based
• Packageable
• Sharable between discrete apps
• Simple
Strategies
• Multiple Strategies
• Strategies Cascade
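The lazy proxy and cascading strategies described on the Warden slides, as an added example that is not from the original deck and is not Warden's own code. It is a plain-Ruby model that needs no gems; the class names, the "example.auth" env key and the sample token are assumptions made for the sketch.

```ruby
# Simplified model of the pattern on the slides, not Warden's real API.
# Every class, constant and env key here is an assumption made for the sketch.
class TokenStrategy
  TOKENS = { "s3cr3t-token" => "api-client" }.freeze # constructed sample data
  def valid?(env); env.key?("HTTP_X_AUTH_TOKEN"); end
  def authenticate(env); TOKENS[env["HTTP_X_AUTH_TOKEN"]]; end
end

class SessionStrategy
  def valid?(env); env.fetch("rack.session", {}).key?(:user); end
  def authenticate(env); env["rack.session"][:user]; end
end

# Lazy proxy: built for every request, runs no strategy until #user is called.
class AuthProxy
  attr_reader :attempts
  def initialize(env, strategies)
    @env, @strategies, @attempts, @resolved = env, strategies, [], false
  end

  def user
    return @user if @resolved # memoize, so strategies run at most once
    @resolved = true
    @strategies.each do |strategy|
      next unless strategy.valid?(@env) # not applicable: cascade onward
      @attempts << strategy.class.name
      @user = strategy.authenticate(@env)
      break if @user # first strategy to succeed wins
    end
    @user
  end
end

# Rack-style middleware: only injects the proxy, makes no auth decision itself.
class AuthMiddleware
  def initialize(app, strategies); @app, @strategies = app, strategies; end
  def call(env)
    env["example.auth"] = AuthProxy.new(env, @strategies)
    @app.call(env)
  end
end

PUBLIC_APP = ->(_env) { [200, {}, ["hello"]] } # never asks for a user
PRIVATE_APP = lambda do |env|
  user = env["example.auth"].user
  user ? [200, {}, ["hi #{user}"]] : [401, {}, ["unauthorized"]]
end

# Runs one request through the stack; returns status, body and strategies tried.
def handle(app, env)
  stack = AuthMiddleware.new(app, [TokenStrategy.new, SessionStrategy.new])
  status, _headers, body = stack.call(env)
  [status, body.first, env["example.auth"].attempts]
end
```

The list of attempted strategies stays empty for PUBLIC_APP even when credentials are present, because only a downstream app that asks for the user triggers authentication.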
Devise
• Flexible Rails authentication based on Warden
• Rack based
• Complete MVC solution using Rails engines
• Allows for multiple roles (models/scopes)
• Based on modularity
Devise Modules
• Database Authenticatable
• Token Authenticatable
• Confirmable
• Recoverable
• Rememberable
• Registerable
• Trackable
• Timeoutable
• Validatable
• Lockable
Rack Resources
• http://rack.rubyforge.org/
• http://rack.rubyforge.org/doc/SPEC.html
• http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal
Warden Resources
• http://www.slideshare.net/hassox/warden-introduction
• http://wiki.github.com/hassox/warden/overview
• http://github.com/hassox/rails_warden
Devise Resources
• http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/
• http://github.com/plataformatec/devise
• http://rdoc.info/projects/plataformatec/devise
• http://railscasts.com/episodes/209-introducing-devise
• http://railscasts.com/episodes/210-customizing-devise