Ohhhhhh... Right, my apologies. I saw the post with Tyler and presumed you
specifically wanted to know about HTTP auth. My bad!
You can do form-based authentication just perfectly in Lift... It's no
problem at all.

Thanks, Tim

On 25/03/2009 16:00, "David Pollak" <feeder.of.the.be...@gmail.com> wrote:

> 
> 
> On Wed, Mar 25, 2009 at 8:56 AM, Chad Skinner <chadwskin...@gmail.com> wrote:
>> All of our applications are currently using form-based authentication in the
>> EJB container .. am I correct that this (form-based authentication) is not
>> supported in Lift?
> 
> You are incorrect.  Form-based authentication works just fine in Lift.
>  
>> 
>> As I see it, after checking the user's cookie against the Authentication
>> server I would want to cache the returned User object for a period to prevent
>> hitting the server for each request. The only downfall is that if the user
>> logs out of the authentication server and the cache is not cleared then the
>> user would still be authenticated until the cache expires.
>> 
>> I may be living in the dark ages, but I did not think you could log a user
>> out using HttpAuthentication short of closing the browser ... is this true?
> 
> No.  You can stop honoring the authentication provided by HttpAuth.  This
> requires server logic rather than a hard-coded auth file.
>  
>> 
>> 
>> On Wed, Mar 25, 2009 at 10:20 AM, Timothy Perrett <timo...@getintheloop.eu>
>> wrote:
>>> 
>>> 
>>> Further to that example, no doubt someone will laugh at me for using
>>> database access on each request... However this is just an example! In
>>> reality I actually read from an LRU cache to save the database access.
>>> 
>>> Cheers, Tim
>>> 
>>> On 25/03/2009 15:08, "Timothy Perrett" <timo...@getintheloop.eu> wrote:
>>> 
>>>> >
>>>> > Chad,
>>>> >
>>>> > We have HTTP Basic Auth and HTTP Digest Auth support in Lift. The
>>>> > authentication is implemented as a partial function that you implement
>>>> > like so:
>>>> >
>>>> >     // Any path starting with "api" requires the "admin" role
>>>> >     LiftRules.httpAuthProtectedResource.prepend {
>>>> >       case (ParsePath("api" :: _, _, _, _)) => Full(AuthRole("admin"))
>>>> >     }
>>>> >
>>>> >     // HTTP Basic auth for realm "lift": look the user up, check the password
>>>> >     LiftRules.authentication = HttpBasicAuthentication("lift") {
>>>> >       case (username, password, req) => {
>>>> >         User.find(By(User.username, username)) match {
>>>> >           case Full(user) if user.password.match_?(password) => {
>>>> >             // grant the "admin" role to the authenticated user
>>>> >             userRoles(AuthRole("admin"))
>>>> >             true
>>>> >           }
>>>> >           case _ => false
>>>> >         }
>>>> >       }
>>>> >     }
>>>> >
>>>> > Does that make things clearer for you? Essentially what happens is
>>>> > this:
>>>> >
>>>> > user request (no auth) ==> challenge
>>>> > user request (with auth) ==> success (or challenge if incorrect)
>>>> >
>>>> > HTTP Digest is a lot more complex, if you need info on that, let me
>>>> > know.
>>>> >
>>>> > Thanks
>>>> >
>>>> > Tim
>>>> >
>>>> >
>>>> > On Mar 25, 2:42 pm, Chad Skinner <chadwskin...@gmail.com> wrote:
>>>>> >> Humm, I am learning something about HttpBasicAuthentication and need to look
>>>>> >> into this more. Is this method called for every request ... even before the
>>>>> >> user fills out the login form?
>>>>> > >
>>>> >
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
> 
> 


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to 
liftweb+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---
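
The challenge flow and the caching trade-off discussed in this thread, as an added example that is not part of the original messages and is not Lift code. It is a framework-neutral Python sketch with a TTL cache; `CachingAuthGate`, `backend_check`, `ttl` and `basic_header` are hypothetical names, and the credentials in any call are constructed sample values.

```python
import base64
import hashlib
import hmac
import os
import time

REALM = "lift"  # realm string from the quoted snippet

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

class CachingAuthGate:
    def __init__(self, backend_check, ttl=300.0, clock=time.monotonic):
        self.backend_check = backend_check  # hypothetical call to the auth server
        self.ttl, self.clock = ttl, clock
        self.key = os.urandom(32)           # per-process key: no raw passwords cached
        self.cache = {}                     # user -> (password MAC, expiry time)

    def logout(self, user):
        """Evict the cached result so the next request is re-checked at once."""
        self.cache.pop(user, None)

    def handle(self, header):
        """Return (status, headers) for one request."""
        challenge = (401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM})
        creds = parse_basic(header)
        if creds is None:
            return challenge                # no or malformed auth ==> challenge
        user, password = creds
        mac = hmac.new(self.key, password.encode("utf-8"), hashlib.sha256).digest()
        hit = self.cache.get(user)
        if hit and self.clock() < hit[1] and hmac.compare_digest(hit[0], mac):
            return (200, {})                # fresh cache entry: backend not consulted
        if self.backend_check(user, password):
            self.cache[user] = (mac, self.clock() + self.ttl)
            return (200, {})
        return challenge                    # wrong or no-longer-honored credentials

def basic_header(user, password):  # builds a constructed header for trying it out
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Without the `logout()` call, a result cached before the backend stopped honoring the user keeps returning 200 until `ttl` runs out, which is the stale window described in the thread.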
