I'm using neither Mapper (JPA is used instead) nor SiteMap. Thanks for
the explanation, I'll try this today.
On Dec 7, 6:14 am, Marius <marius.dan...@gmail.com> wrote:
> On Dec 7, 1:09 pm, DMB <combust...@gmail.com> wrote:
>
>
>
> > Basically here's what I want to accomplish:
> > 1. I want the user to login through a simple form on /index.html -
> > this is the only unprotected page on the site. User does not have a
> > user name, the only field is a password.
> > 2. I want to store the user role (along with some other state data) in
> > the user session
> > 3. If user tries to access any page other than index.html, I want to
> > redirect to /index.html
>
> > After stumbling for a while due to scarcity of documentation, I have
> > done the following:
>
> > In Boot.scala:
>
> > LiftRules.httpAuthProtectedResource.prepend {
> > case ParsePath("index" :: Nil, "html", true, false) =>
> > Empty
> > case _ => Full(AuthRole("admin"))
> > }
>
> > LiftRules.authentication = SessionAuthentication()
>
> > InSessionAuthentication.scala:
>
> > case class SessionAuthentication extends HttpAuthentication {
>
> > def verified_? = { case(req) => {
> > // TODO: Prefetch from DB here
> > true
> > }
> > }
>
> > }
>
> > It is my understanding that this should not ask for auth at all. In
> > reality, it doesn't ask for auth on /index.html, but DOES ask for
> > Basic auth (through a browser popup) on any other page.
>
> > What am I doing wrong, and how do I make it right?
>
> Your are seeing the browser's credentials popup because of :
>
> def unauthorizedResponse: UnauthorizedResponse = UnauthorizedResponse
> (realm)
>
> from HttpAuthentication trait. You can override this and subclass
> UnauthorizedResponse with your own LiftResponse if you want other type
> of response than 401. You can also protect your resources using
> HttpAuthProtected LocParam that you can use when you specify your
> SiteMap in the Loc construction.
>
> This is one approach.
>
> Another one, probably more suitable for login forms, is to look into
> Mapper support for that (I think it's called MetaMegaProtoUser ? )
--
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to lift...@googlegroups.com.
To unsubscribe from this group, send email to
liftweb+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en.
