Ruby on Rails 3 question about before_filter

Developer https://www.devze.com 2023-01-07 06:41 Source: Internet
Could someone please explain for me what is happening here?

I feel like the documentation doesn't mention a lot or describe what is happening. It just says to use this method like this.

What will happen if the username and password are true, what will happen if false, etc.?

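require 'digest/sha1'

class AdminController < ApplicationController
  # PASSWORD is compared with the SHA-1 hex digest of the submitted password.
  # hexdigest returns 40 hex characters, so the comparison only matches when
  # PASSWORD holds the full digest; the value here is shortened.
  USERNAME, PASSWORD = "humbaba", "5baa61e4"

  # Run :authenticate before every action in this controller.
  before_filter :authenticate

  private

  def authenticate
    # The block receives the credentials the browser sent and must return
    # true for the request to continue.
    authenticate_or_request_with_http_basic do |username, password|
      username == USERNAME &&
      Digest::SHA1.hexdigest(password) == PASSWORD
    end
  end
end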

Thanks


The before_filter method ensures that the private method authenticate is run before all requests.

authenticate_or_request_with_http_basic pops up the browser's "enter your username and password" box, and passes them into the block, as username and password, in this case.

If the block returns true (if the username and password match), the request proceeds to your more specific code. If the block returns false (the username and password don't match), the request is cut short, and an authentication failure page with the correct HTTP status code is returned. The browser may retry the request a few more times before showing the failure page.


There is standard authentication functionality built into every browser called "Basic HTTP Authentication". I'm sure you've seen a generic username/password dialog (styled as part of your operating system) show up on web pages. This is it.

It works as follows:

  • Browser sends GET request for a protected URL
  • Server sends 401 Response which means "Authorization Required"
  • Browser knows what it means and pops up a dialog box to the user with user/pass fields
  • When user submits, browser sends another GET request, but with Authorization header which contains base64 encoded username and password
  • Server checks, and if successful — sends back 200 success response with the content of requested page

In your before_filter you're simply telling Rails to perform all of the above song-and-dance when any controller action is accessed anywhere. Rails handles all the protocol communication described above for you.

In case of denied access, Rails sends back a 403 Forbidden response, and the browser has a built-in way to show that.

To find out more: http://en.wikipedia.org/wiki/Basic_access_authentication
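
The exchange described in the answers above, modeled in plain Ruby without Rails. This is an added example, not code from the question, the answers, or Rails itself. The method names, realm, and password are constructed for illustration, and the constant-time comparison is an addition that the question's `==` check does not have.

```ruby
require 'digest/sha1'

# Constructed values for this example; store only the digest, never the password.
REALM         = "Admin"
USERNAME      = "humbaba"
PASSWORD_SHA1 = Digest::SHA1.hexdigest("example-password")

# Client side: what the browser puts in the Authorization header.
def basic_header(user, pass)
  "Basic " + ["#{user}:#{pass}"].pack("m0")   # base64 is encoding, not encryption
end

# Server side: recover [user, pass] from the header, or nil if it is malformed.
def parse_basic(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  user, pass = encoded.strip.unpack1("m0").split(":", 2)  # password may contain ":"
  pass ? [user, pass] : nil
rescue ArgumentError                                       # invalid base64
  nil
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [status, headers]: 200 when the check passes, otherwise a 401
# challenge that makes the browser show its username/password dialog.
def respond(authorization)
  challenge = [401, { "WWW-Authenticate" => %(Basic realm="#{REALM}") }]
  user, pass = parse_basic(authorization)
  return challenge unless user
  ok = secure_equal?(user, USERNAME) &
       secure_equal?(Digest::SHA1.hexdigest(pass), PASSWORD_SHA1)
  ok ? [200, {}] : challenge
end

if __FILE__ == $0
  p respond(nil)                                          # first request, no header
  p respond(basic_header("humbaba", "wrong"))             # bad password
  p respond(basic_header("humbaba", "example-password"))  # accepted
end
```

Because the header is only base64-encoded, anyone who can read the request can read the password, so this scheme needs HTTPS underneath it.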
