With that plugin you can configure SSL per action, and is integrated with URL generation.
There's a couple of things to note about it. There's no API to configure an entire controller as secure. I solved that with this class method:
# A controller makes this call to declare all their actions run behind SSL.
# The call must be put at the bottom of the code, so that the public methods
# are known and returned by public_instance_methods.
def self.this_controller_only_responds_to_https
include SecureActions
require_ssl *self.public_instance_methods(false).map(&:to_sym)
end
The other thing is that the plugin as of revision 14 expects explicit controllers and actions in your calls to url_for (via link_to or whatever). It looks up the pair in a table to figure out whether it needs to select "https" as protocol. The attached patch fixes that.
Secure actions are declared with the class method require_ssl in controllers, so you need to load a controller to let the plugin know his secure actions, if any.
OK, you know automatic class loading is triggered by const_missing in Rails. Now let's suppose /public/index has a link to /account/login, when you start the server even in production mode the link in the home won't be secure until someone hits AccountController. And that argument extends to all the links in the site. The protocol in their generation needs to have the corresponding controller class loaded.
That's why I force class preloading in environment.rb (or production.rb if you prefer that file), like this towards the bottom of the file:
if RAILS_ENV == 'production'
USE_SSL = true
# Trigger controller class loading to execute SSL-related
# declarations, this way we have the correct links right away.
require 'application'
ActionController::Routing.possible_controllers.each do |c|
# known to work without directories
"#{c.camelize}Controller".constantize
end
end
I tried to force class loading at the end of my environemnt.rb file.
I got a nasty error: “A copy of AuthenticatedSystem has been removed
from the module tree but is still active!” whenever I try to access a
2nd page after I boot up webrick.
AuthenticatedSystem is from plugin acts_as_authenticated
I place the constanize codes at the bottom of my environment.rb file.
this error only happens when I use 'require' instead of
'require_dependency'
ArgumentError (A copy of AuthenticatedSystem has been removed from the
module tree but is still active!):
/usr/lib/ruby/gems/1.8/gems/activesupport-1.4.4/lib/active_support/dependencies.rb:237:in
`load_missing_constant'
/usr/lib/ruby/gems/1.8/gems/activesupport-1.4.4/lib/active_support/dependencies.rb:452:in
`const_missing'