Chad, We have HTTP Basic Auth and HTTP Digest Auth support in Lift. The authentication is implemented as a partial function that you implement like so:
LiftRules.httpAuthProtectedResource.prepend { case (ParsePath("api" :: _, _, _, _)) => Full(AuthRole("admin")) } LiftRules.authentication = HttpBasicAuthentication("lift") { case (username, password, req) => { User.find(By(User.username, username)) match { case Full(user) if user.password.match_?(password) => { userRoles(AuthRole("admin")) true } case _ => false } } } Does that make things clearer for you? Essentially what happens is this: user request (no auth) ==> challenge user request (with auth) ==> sucsess (or challenge if incorrect) HTTP Digest is a lot more complex, if you need info on that, let me know. Thanks Tim On Mar 25, 2:42 pm, Chad Skinner <chadwskin...@gmail.com> wrote: > Humm, I am learning something about HttpBasicAuthentication and need to look > into this more. Is this method called for every request ... even before the > user fills out the login form? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---