
Rack for User Authentication

Using Rack for user authentication with Rack apps


  1. Rack For User Authentication http://rirug.com RIRUG
  2. Common Web App Needs
  3. Common Web App Needs
       • A User
  4. Common Web App Needs
       • A User
       • A way to associate requests with that user
  5. Many Current Auth Solutions
       • RESTful Authentication
       • HTTP Auth
       • AuthLogic
       • LDAP
       • Clearance
       • CAS
       • OpenID
       • Roll Your Own
  6. Why Another One?
  7. Rack
       Rails 2.3 introduced Rack compatibility. Rails 3 is Rack dependent. Rack allows for modular application design.
  8. Default Rails Rack Stack
  9. How Does This Affect Authentication?
       • Rack allows for “mountable apps”
       • Rails middleware
       • Rails metal
  10. How will your authentication cope?
  11. Apps Usually Need a “User”
  12. Current Authentication Systems Will Conflict Between Apps
  13. http://rirug.com RIRUG
  14. Warden
       • Injects a lazy proxy into the request
       • Proxy follows around the request
       • Does nothing until asked
       • Authenticates requests for any kind of “user”
       • Provides a mechanism for authentication
       • Available to all downstream Rack parts
  15. Authenticating (Logging In)
  16. Accessing the user
  17. Logging Out
  18. Authentication Logic
       • Strategy Based
       • Packageable
       • Sharable between discrete apps
       • Simple
  19. Warden Strategy
  20. Strategies
       • Multiple Strategies
       • Strategies Cascade
  21. Rack Setup
  22. Rails Integration
  23. Warden + Devise
  24. Devise
       • Flexible Rails authentication based on Warden
       • Rack based
       • Complete MVC solution using Rails engines
       • Allows for multiple roles (models/scopes)
       • Based on modularity
  25. Devise Modules
       • Database Authenticatable
       • Token Authenticatable
       • Confirmable
       • Recoverable
       • Rememberable
       • Registerable
       • Trackable
       • Timeoutable
       • Validatable
       • Lockable
  26. Demo
  27. Rack Resources
       • http://rack.rubyforge.org/
       • http://rack.rubyforge.org/doc/SPEC.html
       • http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal
  28. Warden Resources
       • http://www.slideshare.net/hassox/warden-introduction
       • http://wiki.github.com/hassox/warden/overview
       • http://github.com/hassox/rails_warden
  29. Devise Resources
       • http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/
       • http://github.com/plataformatec/devise
       • http://rdoc.info/projects/plataformatec/devise
       • http://railscasts.com/episodes/209-introducing-devise
       • http://railscasts.com/episodes/210-customizing-devise
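
The pattern slides 14 to 20 describe (a proxy injected into the request that does nothing until asked, with strategies that cascade), as an added sketch that is not from the deck and is not Warden's own code. Plain lambdas stand in for Rack apps; `AuthProxy`, `LazyAuth`, the `example.auth` env key, the `X-Auth-Token` header and the sample token are hypothetical.

```ruby
# Simplified model of the lazy proxy and strategy cascade; NOT Warden's code.
# AuthProxy, LazyAuth, 'example.auth' and the sample token are hypothetical.
# Constant-time compare for equal-length inputs, so a token check does not
# leak how many leading bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

TOKENS = { 'constructed-token-123' => 'alice' }.freeze # constructed sample data
def token_user(env)
  TOKENS.find { |tok, _| secure_equal?(tok, env['HTTP_X_AUTH_TOKEN'].to_s) }&.last
end

# Strategies are tried in order; the first to return a user ends the cascade.
STRATEGIES = [
  [:session, ->(env) { (env['rack.session'] || {})['user'] }],
  [:token,   ->(env) { token_user(env) }]
].freeze

class AuthProxy
  attr_reader :tried, :user # :tried lists the strategies that actually ran
  def initialize(env, strategies)
    @env, @strategies, @tried, @user = env, strategies, [], nil
  end

  def authenticate
    @strategies.each do |name, strategy|
      break if @user
      @tried << name
      @user = strategy.call(@env)
    end
    @user
  end
end

# Middleware: injects the proxy and does no authentication work itself.
class LazyAuth
  def initialize(app, strategies = STRATEGIES)
    @app, @strategies = app, strategies
  end
  def call(env)
    env['example.auth'] = AuthProxy.new(env, @strategies)
    @app.call(env)
  end
end

PUBLIC_APP = ->(_env) { [200, {}, ['hello']] } # never asks, so no strategy runs
PROTECTED_APP = lambda do |env|
  user = env['example.auth'].authenticate
  user ? [200, {}, ["hi #{user}"]] : [401, {}, ['unauthenticated']]
end
```

Because every downstream app reads the same proxy from the request env, mounted apps share one authentication decision, and the protected app fails closed with a 401 when no strategy returns a user.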
