RoR: Store HTTP_AUTHORIZATION in session to access .htaccess protected folder

In my Ruby on Rails application, I am trying to protect part of the public folder using the apache .htaccess feature to prevent non-authenticated people from accessing files. So I have placed a .htpasswd file to protect this folder and set up apache accordingly, and this works... prompting me for login/password to access the files.

I use the restful authentication plugin to authenticate users with their credentials. My idea was to do:

  1. authenticate the user
  2. if the user is authenticated, set the HTTP_AUTHORIZATION variable and store it so that I can access the protected folder's files without the browser prompting me for login/password

What I did, in the application controller:

helper_method :set_http_auth

def set_http_auth
  # Build a "Basic <base64>" credential string and put it into the env hash
  # of the request currently being processed
  request.env["HTTP_AUTHORIZATION"] = ActionController::HttpAuthentication::Basic.encode_credentials("myLogin", "myPassword")
end

Then call the before_filter in the controller to set the value.

It seems like it's doing the job, I get HTTP_AUTHORIZATION set into my request.env array, but unfortunately the browser still prompts me for login/passwd if I try to get a file from the protected folder (such as an image).

If anybody has an idea, I'm all ears :) Thanks!

Best answer

I found a solution that could be suitable: Here but it would require major changes in my application.

So instead, I chose to protect the folder using apache cookie detection and then check if the cookie exists when trying to access the file (the cookie getting set upon the user's authentication).

Email me if you want details...

Answers

Looked around various solutions, the best seems to be to use mod_xsendfile:
sudo apt-get install libapache2-mod-xsendfile   # Debian/Ubuntu package name for mod_xsendfile

before_filter :login_required

def download
  # Rails only emits an X-Sendfile header; Apache reads the path from it and streams the file
  send_file "/home/railsway/downloads/huge.zip", :type => "application/zip", :x_sendfile => true
end

This won't tie up your rails process (apache serves files itself from outside the public dir upon receiving the X-Sendfile header). So it's the most efficient and also a pretty easy way to protect your files. Use your own authentication at will. Nginx and lighttpd have similar solutions...
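The X-Sendfile hand-off described in this answer, written out as plain Ruby so it runs without Rails or Apache. This is an added example, not code from the answer or from the Rails project: `protected_download` stands in for a controller action, the `session` Hash stands in for the Rails session, and the temporary directory is a constructed stand-in for a protected folder outside the document root. The application decides whether the request is authenticated and then returns an empty body plus an X-Sendfile header; the web server replaces the body with the file. Because the answer's action uses a fixed path, it needs no path check; this version accepts a requested file name, so it also canonicalises the path and refuses anything that resolves outside the protected directory.

```ruby
require "tmpdir"

# Content types by extension; anything else is served as an opaque download.
CONTENT_TYPES = { ".zip" => "application/zip", ".pdf" => "application/pdf" }.freeze

def not_found
  [404, { "Content-Type" => "text/plain" }, ["not found"]]
end

# Returns a Rack-style [status, headers, body] triple.
# session        - Hash standing in for the Rails session; :user_id means logged in
# requested_name - file name supplied by the client
# root           - directory Apache is allowed to serve via X-Sendfile
def protected_download(session, requested_name, root)
  # 1. The application, not the web server, authenticates the request.
  unless session[:user_id]
    return [401, { "Content-Type" => "text/plain" }, ["login required"]]
  end

  # 2. Resolve the name inside the protected root. File.realpath follows
  #    symlinks, so a link pointing outside the root is rejected as well as
  #    "../" sequences and absolute paths.
  root_real = File.realpath(root)
  candidate = File.expand_path(requested_name, root_real)
  return not_found unless File.file?(candidate)   # false for missing files and directories
  real = File.realpath(candidate)
  return not_found unless real.start_with?(root_real + File::SEPARATOR)

  # 3. Hand off: empty body, X-Sendfile carries the server-side path. The
  #    browser never sees the path and never gets a Basic-auth prompt.
  type = CONTENT_TYPES.fetch(File.extname(real).downcase, "application/octet-stream")
  [200, { "Content-Type" => type, "X-Sendfile" => real }, []]
end

# Constructed fixture: a temporary protected directory holding one file so the
# example runs offline. Yields the directory and removes it afterwards.
def with_protected_root
  Dir.mktmpdir("protected") do |dir|
    File.write(File.join(dir, "huge.zip"), "PK\x03\x04 constructed sample, not a real archive")
    yield dir
  end
end

if __FILE__ == $PROGRAM_NAME
  with_protected_root do |root|
    logged_in = { user_id: 42 }
    anonymous = {}
    p protected_download(anonymous, "huge.zip", root)        # 401: not authenticated
    p protected_download(logged_in, "huge.zip", root)        # 200 with X-Sendfile header
    p protected_download(logged_in, "../etc/passwd", root)   # 404: escapes the root
  end
end
```

On the Apache side the module has to be enabled and told which directories it may read (`XSendFile On` and `XSendFilePath` for the protected directory); restricting `XSendFilePath` is what keeps a bug in the application from turning into arbitrary file disclosure. In Rails, `send_file ... :x_sendfile => true` as in the answer above produces the same header, so the controller never reads the file itself.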
