Hey, Patrick! Thanks for the reply. On Sun, Jan 18, 2009 at 7:25 PM, Patrick Doyle <[email protected]> wrote:
> On Sun, Jan 18, 2009 at 12:45 AM, Ryan Waldron <[email protected]> wrote: > >> >> I've run into a strange problem with HTTP Basic authentication. I've >> observed this behavior on my dev box (connecting directly to mongrel) >> and on an Apache+Passenger setup on my deployment machine. >> > > According to the documentation (see e.g. > http://www.railsbrain.com/api/rails-2.2.2/doc/index.html?a=C00000133&name=ClassMethods) > if a #before_filter renders or redirects, the second half of an around > filter, and any after filters won't run. I believe that you need to > redirect your unauthenticated user to some other page (such as your login > page) if the authentication fails. > That may be true, but that's not how I understand it's supposed to work. If authorization fails, then authenticate_or_request_with_basic_http is supposed to render a 401 (I believe) with this message: controller.__send__ :render, :text => "HTTP Basic: Access denied.\n", :status => :unauthorized So the controller knows where to redirect to by virtue of it being hardcoded. And the Rails documentation, as well as every other place I've seen showing how this works has it pretty much just like I have it. I've either got a typo that I can't find, or have set something up screwy in my app configuration, or something. I don't *think* that it's because I'm supposed to explicitly redirect unauthorized users elsewhere. But I could be wrong. Keep in mind that I'm not trying to build a full user-based auth system; I just want HTTP basic user/pass protection for a few actions in a single controller, just to help discourage the curious. So I'm not using any of the auth plugins or full-blown user login schemes available. Am I missing something? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
