Chad,
We have HTTP Basic Auth and HTTP Digest Auth support in Lift. The
authentication is implemented as a partial function that you implement
like so:
LiftRules.httpAuthProtectedResource.prepend {
case (ParsePath("api" :: _, _, _, _)) => Full(AuthRole("admin"))
}
LiftRules.authentication = HttpBasicAuthentication("lift") {
case (username, password, req) => {
User.find(By(User.username, username)) match {
case Full(user) if user.password.match_?(password) => {
userRoles(AuthRole("admin"))
true
}
case _ => false
}
}
}
Does that make things clearer for you? Essentially what happens is
this:
user request (no auth) ==> challenge
user request (with auth) ==> sucsess (or challenge if incorrect)
HTTP Digest is a lot more complex, if you need info on that, let me
know.
Thanks
Tim
On Mar 25, 2:42 pm, Chad Skinner <chadwskin...@gmail.com> wrote:
> Humm, I am learning something about HttpBasicAuthentication and need to look
> into this more. Is this method called for every request ... even before the
> user fills out the login form?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to
liftweb+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---
