레일 스 로그 인 및 인증 플러그 인 httpauthentication restful-authentication

Simple Basic example:

class PostsController < ApplicationController
  USER_NAME, PASSWORD = "dhh", "secret"
  
  before_filter :authenticate, :except => [ :index ]
  
  def index
    render :text => "Everyone can see me!"
  end
  
  def edit
    render :text => "I'm only accessible if you know the password"
  end
  
  private
    def authenticate
      authenticate_or_request_with_http_basic do |user_name, password| 
        user_name == USER_NAME && password == PASSWORD
      end
    end
end


#Here is a more advanced Basic example where only Atom feeds and the XML API is #protected by HTTP authentication, 
#the regular HTML interface is protected by a session approach (NOTE: This example requires Rails Edge as 
#it uses Request#format, which is not available in Rails 1.2.0):

class ApplicationController < ActionController::Base
  before_filter :set_account, :authenticate

  protected
    def set_account
      @account = Account.find_by_url_name(request.subdomains.first)
    end
  
    def authenticate
      case request.format
      when Mime::XML, Mime::ATOM
        if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) }
          @current_user = user
        else
          request_http_basic_authentication
        end
      else
        if session_authenticated?
          @current_user = @account.users.find(session[:authenticated][:user_id])
        else
          redirect_to(login_url) and return false
        end
      end
    end
end


#In your integration tests, you can do something like this:
  
  def test_access_granted_from_xml
    get(
      "/notes/1.xml", nil, 
      :authorization => HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
    )

    assert_equal 200, status
  end

  class UserSession < Authlogic::Session::Base
    # specify configuration here, such as:
    # logout_on_timeout true
    # ...many more options in the documentation
  end

class UserSessionsController < ApplicationController
    def new
      @user_session = UserSession.new
    end

    def create
      @user_session = UserSession.new(params[:user_session])
      if @user_session.save
        redirect_to account_url
      else
        render :action => :new
      end
    end

    def destroy
      current_user_session.destroy
      redirect_to new_user_session_url
    end
  end

#As you can see, this fits nicely into the RESTful development pattern. What about the view…

  <% form_for @user_session do |f| %>
    <%= f.error_messages %>
    <%= f.label :login %><br />
    <%= f.text_field :login %><br />
    <br />
    <%= f.label :password %><br />
    <%= f.password_field :password %><br />
    <br />
    <%= f.submit "Login" %>
  <% end %>

#Or how about persisting the session…

  class ApplicationController
    helper_method :current_user_session, :current_user

    private
      def current_user_session
        return @current_user_session if defined?(@current_user_session)
        @current_user_session = UserSession.find
      end

      def current_user
        return @current_user if defined?(@current_user)
        @current_user = current_user_session && current_user_session.user
      end
  end