doing redirect in filter class?

goodwill · December 27, 2007, 4:51am

I want to write a filter class that verify the credentials and redirect to login if necessary. However it seems like I can't access redirect_to method from the controller (without doing reflection, i.e.) is there example on how to get this working? I think filter class is a lot better than embedded class method.

goodwill · December 27, 2007, 5:52am

No, I mean

before_filter AuthenticationFilter

class AuthenticationFilter self.filter(controller) #redirection if authentication failed end end

goodwill · December 27, 2007, 5:53am

And, no I am not using acts_as_authenticated

Bala_Paranj · December 27, 2007, 7:20am

U cannot do a redirect inside a filter. It returns true or false
depending whether the request passed the filter condion or not. U
could throw an app specific exception and handle it in ur action. This
is a guess.

Frederick_Cheung · December 27, 2007, 9:50am

U cannot do a redirect inside a filter. It returns true or false depending whether the request passed the filter condion or not. U could throw an app specific exception and handle it in ur action. This is a guess.

Um that's rubbish. And in rails 2.0 what you return from your filter
is irrelevant. I don't think there's a nice way to do this for that sort of filter

Fred

goodwill · December 30, 2007, 7:03pm

Mind I am a bit lazy and ask u to plug the relevant code here?

goodwill · December 30, 2007, 7:18pm

Ryan u might have mixed up something, I mean a filter class, I am very sure a routine within the controller tree, either inherited above or within, would work.

bphogan · December 31, 2007, 3:35am

@goodwill

In your case,

class AuthenticationFilter self.filter(controller) #redirection if authentication failed end end

you have the instance of the controller right there. Use that… but use .send instead as redirect_to is protected.

controller.send :redirect_to, {:action=>"foo", :controller=>"bar"}

Now, I don’t quite know if named routes will work as I have not tested it. I would imagine though that they are accessible via controller.send as they are also protected.

It was mentioned before, but restful_authentication or acts_as_authenticated are well-tested auth systems. I suppose there’s a reason you’re not using them though, which is fine.

You might find this interesting - http://rubycas-client.googlecode.com/svn/trunk/rubycas-client/lib/

It’s a plugin for the CAS single-sign-on system. It does authentication with a third-party and does redirects, etc. It’s a bit complex but it may give you some ideas.

Good luck!