On Sun, Nov 9, 2008 at 6:19 AM, Tim Perrett <[EMAIL PROTECTED]> wrote:

>
> Sure, I've done this type of request matching before so I'm familiar
> with that.
>
> In terms of implementing the digest auth on the server-side, we'll
> need some stuff in Lift to process the authorization and the headers.

The headers are not processed in Lift, but in your application as per my
example.

>
> I'm guessing I'll need to modify some of the HTTP stuff to do this...


No, you won't.


>
> Have you any suggestions for where this would fit best?


You have to implement a single method.  The method gets the current request
from S, finds the Auth header and parses it.  The only thing that's not
built into Lift is the facility for parsing the value of the Auth header.
If I remember correctly, you have to split the header value at ";".  Then you
have to make sure the digest is correct.  This is going to be your program
logic anyway because it's going to pull the record from the database.


>
>
> The request / response cycle as I understand it should be:
>
> request -> challenge response -> request with credentials ->
> authorization -> authorized or unauthorized response
>
> OR
>
> request with credentials -> authorization -> authorized or
> unauthorized response


And that's exactly what you'll get if you follow the code I've already
posted.  In the case that the auth header doesn't exist or is wrong, then a
401 will be returned.  In the case that the auth header is properly
presented, then the appropriate response will be presented.

Thanks,

David


>
>
> Cheers
>
> Tim
>
> On Nov 9, 2:00 pm, "David Pollak" <[EMAIL PROTECTED]>
> wrote:
> > I would do something like this in my DispatchPf:
> >
> > {
> >   case RequestState("api" :: _, _, ) if !goodAuthHeader => return 401
> >   case RequestState(....) ....
> >
> > }
> >
> > So, the first pattern matches any API request (anything to "/api/....").  It
> > tests for a good auth header (this is where your code pulls the auth header,
> > inspects it against the RDBMS).  If the auth fails, you return a 401 and
> > none of the other cases are tested.
> >
> > Thanks,
> >
> > David
> >
> > On Sun, Nov 9, 2008 at 5:52 AM, Tim Perrett <[EMAIL PROTECTED]> wrote:
> >
> > > > For standard HTML pages or for REST (Dispatch) or for both?
> >
> > > Sure, for REST dispatch. For instance, listing users and their details
> > > would be restricted functionality which requires authentication.
> >
> > --
> > Lift, the simply functional web framework http://liftweb.net
> > Collaborative Task Management http://much4.us
> > Follow me: http://twitter.com/dpp
> > Git some: http://github.com/dpp
> >
>


-- 
Lift, the simply functional web framework http://liftweb.net
Collaborative Task Management http://much4.us
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
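
Added example, not code from this thread or from Lift: a framework-independent Scala version of the header check discussed above, following RFC 2617, where the Authorization parameters are comma-separated and mostly quoted. `DigestAuthCheck`, `ha1For` and `nonceIsFresh` are assumed names; fetching the header value from the request is left to the caller, and the sample header is the worked example from RFC 2617 section 3.5.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest

object DigestAuthCheck {
  // Lower-case hex MD5, the hash RFC 2617 digest auth is built on.
  def md5Hex(s: String): String =
    MessageDigest.getInstance("MD5").digest(s.getBytes(UTF_8)).map("%02x".format(_)).mkString

  // Matches key="quoted value" or key=token; a comma inside quotes stays in the value.
  private val Param = """(\w+)=(?:"([^"]*)"|([^,\s]+))""".r

  def parse(header: String): Option[Map[String, String]] =
    if (!header.regionMatches(true, 0, "Digest ", 0, 7)) None
    else Some(Param.findAllMatchIn(header.substring(7)).map { m =>
      m.group(1).toLowerCase -> Option(m.group(2)).getOrElse(m.group(3))
    }.toMap)

  // ha1For and nonceIsFresh are hypothetical hooks for the user store and nonce cache.
  def verify(header: String, method: String, requestUri: String,
             ha1For: String => Option[String], nonceIsFresh: String => Boolean): Boolean = {
    val result = for {
      p        <- parse(header)
      user     <- p.get("username")
      nonce    <- p.get("nonce") if nonceIsFresh(nonce)
      uri      <- p.get("uri") if uri == requestUri
      response <- p.get("response")
      ha1      <- ha1For(user) // stored MD5(username:realm:password)
    } yield {
      val ha2 = md5Hex(s"$method:$uri")
      val expected = p.get("qop") match {
        case Some("auth") =>
          for (nc <- p.get("nc"); cn <- p.get("cnonce"))
            yield md5Hex(s"$ha1:$nonce:$nc:$cn:auth:$ha2")
        case None => Some(md5Hex(s"$ha1:$nonce:$ha2"))
        case _    => None // auth-int and unknown qop values are rejected
      }
      // Constant-time comparison of the expected and presented digests.
      expected.exists(e => MessageDigest.isEqual(e.getBytes(UTF_8), response.toLowerCase.getBytes(UTF_8)))
    }
    result.getOrElse(false)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample: the worked example from RFC 2617 section 3.5.
    val header = """Digest username="Mufasa", realm="testrealm@host.com", """ +
      """nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", """ +
      """response="6629fae49393a05397450978507c4ef1", cnonce="0a4f113b", qop=auth, nc=00000001"""
    val users = Map("Mufasa" -> md5Hex("Mufasa:testrealm@host.com:Circle Of Life"))
    val issued = Set("dcd98b7102dd2f0e8b11d0f600bfb0c093")
    println(verify(header, "GET", "/dir/index.html", users.get, issued.contains))
    println(verify(header, "POST", "/dir/index.html", users.get, issued.contains))
  }
}
```

The second call reuses the same header with a different request method, which changes HA2 and makes the digest comparison fail; any `false` result maps to the 401 branch of the dispatch pattern.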
