Ohhhhhh... Right, my apologies. I saw the post with Tyler and presumed you specifically wanted to know about HTTP auth. My bad! You can do form-based authentication just perfectly in Lift... It's no problem at all.

Thanks, Tim

On 25/03/2009 16:00, "David Pollak" <feeder.of.the.be...@gmail.com> wrote:

> On Wed, Mar 25, 2009 at 8:56 AM, Chad Skinner <chadwskin...@gmail.com> wrote:
>> All of our applications are currently using form based authentication in the
>> EJB container .. am I correct that this (Form based authentication) is not
>> supported in Lift?
>
> You are incorrect. Form-based authentication works just fine in Lift.
>
>> As I see it, after checking the user's cookie against the Authentication
>> server I would want to cache the returned User object for a period to prevent
>> hitting the server for each request. The only downfall is that if the user
>> logs out of the authentication server and the cache is not cleared then the
>> user would still be authenticated until the cache expires.
>>
>> I may be living in the dark ages, but I did not think you could log a user
>> out using HttpAuthentication short of closing the browser ... is this true?
>
> No. You can stop honoring the authentication provided by HttpAuth. This
> requires server logic rather than a hard-coded auth file.
>
>> On Wed, Mar 25, 2009 at 10:20 AM, Timothy Perrett <timo...@getintheloop.eu>
>> wrote:
>>>
>>> Further to that example, no doubt someone will laugh at me for using
>>> database access on each request... However this is just an example! In
>>> reality I actually read from an LRU cache to save the database access.
>>>
>>> Cheers, Tim
>>>
>>> On 25/03/2009 15:08, "Timothy Perrett" <timo...@getintheloop.eu> wrote:
>>>
>>>> Chad,
>>>>
>>>> We have HTTP Basic Auth and HTTP Digest Auth support in Lift. The
>>>> authentication is implemented as a partial function that you implement
>>>> like so:
>>>>
>>>> LiftRules.httpAuthProtectedResource.prepend {
>>>>   case (ParsePath("api" :: _, _, _, _)) => Full(AuthRole("admin"))
>>>> }
>>>>
>>>> LiftRules.authentication = HttpBasicAuthentication("lift") {
>>>>   case (username, password, req) => {
>>>>     User.find(By(User.username, username)) match {
>>>>       case Full(user) if user.password.match_?(password) => {
>>>>         userRoles(AuthRole("admin"))
>>>>         true
>>>>       }
>>>>       case _ => false
>>>>     }
>>>>   }
>>>> }
>>>>
>>>> Does that make things clearer for you? Essentially what happens is
>>>> this:
>>>>
>>>> user request (no auth) ==> challenge
>>>> user request (with auth) ==> success (or challenge if incorrect)
>>>>
>>>> HTTP Digest is a lot more complex, if you need info on that, let me
>>>> know.
>>>>
>>>> Thanks
>>>>
>>>> Tim
>>>>
>>>> On Mar 25, 2:42 pm, Chad Skinner <chadwskin...@gmail.com> wrote:
>>>>> Humm, I am learning something about HttpBasicAuthentication and need to
>>>>> look into this more. Is this method called for every request ... even
>>>>> before the user fills out the login form?