Securing URL with Rails

rubyonrails-talk
1

Dear all,

How do we secure URL with rails? So only authenticated and authorized users allowed to view certain URL. Is there any configuration that I must set for this?

Many thanks

2

Joshua Jackson wrote:

Dear all,

How do we secure URL with rails? So only authenticated and authorized users allowed to view certain URL. Is there any configuration that I must set for this?

Many thanks

Well i guess its not the url but the method which needs to be secured..say suppose the edit page which is accessible only to the admin so in the method u can define that the logged in user should be admin..and thats how u can put restriction on the user to access that particular path / url

Hope this helps

Thanks

Dhaval Parikh Software Engineer Ruby on Rails www.railshouse.com sales(AT)railshouse(DOT)com

3

Dhaval's right. small addition to his reply:

if you wanna secure a whole part of your url (speak yoururl/admin/* for example) it's probably the best to put

"before_filter :validate_login" and the implementation of your validate_login-method

either into a specific-controller to secure this part of your webapp (i.e. admin_controller.rb), or into the application_controller.rb to secure your whole app.

That way Rails is always calling your validate_login-method before calling the actual action.

Hope this works!

Good luck! Simon

4

Hi guys,

First of all thanks very much for the response. But since I have no experience with Rails yet, could anyone give me a sample code? Also I've heard about restful_authentification are able to do this? Does anyone know where can I get it? I've used gem but ended with no luck.

Many thanks,

5

Joshua,

There are plugin available that make this very easy to accomplish. My personal favorite, and the one I use for all my projects is restful_authentication.

http://agilewebdevelopment.com/plugins/restful_authentication

Very easy to get started using this plugin and will give you the functionality that you're looking for. Begin by reading the README included with the plugin. Then take a look at the files that get added to your ./lib directory of your project for more details.