I'm using neither Mapper (JPA is used instead) nor SiteMap. Thanks for the explanation, I'll try this today.
On Dec 7, 6:14 am, Marius <marius.dan...@gmail.com> wrote: > On Dec 7, 1:09 pm, DMB <combust...@gmail.com> wrote: > > > > > Basically here's what I want to accomplish: > > 1. I want the user to login through a simple form on /index.html - > > this is the only unprotected page on the site. User does not have a > > user name, the only field is a password. > > 2. I want to store the user role (along with some other state data) in > > the user session > > 3. If user tries to access any page other than index.html, I want to > > redirect to /index.html > > > After stumbling for a while due to scarcity of documentation, I have > > done the following: > > > In Boot.scala: > > > LiftRules.httpAuthProtectedResource.prepend { > > case ParsePath("index" :: Nil, "html", true, false) => > > Empty > > case _ => Full(AuthRole("admin")) > > } > > > LiftRules.authentication = SessionAuthentication() > > > InSessionAuthentication.scala: > > > case class SessionAuthentication extends HttpAuthentication { > > > def verified_? = { case(req) => { > > // TODO: Prefetch from DB here > > true > > } > > } > > > } > > > It is my understanding that this should not ask for auth at all. In > > reality, it doesn't ask for auth on /index.html, but DOES ask for > > Basic auth (through a browser popup) on any other page. > > > What am I doing wrong, and how do I make it right? > > Your are seeing the browser's credentials popup because of : > > def unauthorizedResponse: UnauthorizedResponse = UnauthorizedResponse > (realm) > > from HttpAuthentication trait. You can override this and subclass > UnauthorizedResponse with your own LiftResponse if you want other type > of response than 401. You can also protect your resources using > HttpAuthProtected LocParam that you can use when you specify your > SiteMap in the Loc construction. > > This is one approach. > > Another one, probably more suitable for login forms, is to look into > Mapper support for that (I think it's called MetaMegaProtoUser ? ) -- You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to lift...@googlegroups.com. To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.