On Wed, Mar 25, 2009 at 8:56 AM, Chad Skinner <chadwskin...@gmail.com> wrote:
> All of our applications are currently using form based authentication in
> the EJB container .. am I correct that this (Form based authentication) is
> not supported in Lift?

You are incorrect. Form-based authentication works just fine in Lift.

> As I see it, after checking the user's cookie against the Authentication
> server I would want to cache the returned User object for a period to
> prevent hitting the server for each request. The only downfall is that if
> the user logs out of the authentication server and the cache is not cleared
> then the user would still be authenticated until the cache expires.
>
> I may be living in the dark ages, but I did not think you could log a user
> out using HttpAuthentication short of closing the browser ... is this true?

No. You can stop honoring the authentication provided by HttpAuth. This requires server logic rather than a hard-coded auth file.

> On Wed, Mar 25, 2009 at 10:20 AM, Timothy Perrett <timo...@getintheloop.eu> wrote:
>
>> Further to that example, no doubt someone will laugh at me for using
>> database access on each request... However this is just an example! In
>> reality I actually read from an LRU cache to save the database access.
>>
>> Cheers, Tim
>>
>> On 25/03/2009 15:08, "Timothy Perrett" <timo...@getintheloop.eu> wrote:
>>
>> > Chad,
>> >
>> > We have HTTP Basic Auth and HTTP Digest Auth support in Lift. The
>> > authentication is implemented as a partial function that you implement
>> > like so:
>> >
>> > LiftRules.httpAuthProtectedResource.prepend {
>> >   case (ParsePath("api" :: _, _, _, _)) => Full(AuthRole("admin"))
>> > }
>> >
>> > LiftRules.authentication = HttpBasicAuthentication("lift") {
>> >   case (username, password, req) => {
>> >     User.find(By(User.username, username)) match {
>> >       case Full(user) if user.password.match_?(password) => {
>> >         userRoles(AuthRole("admin"))
>> >         true
>> >       }
>> >       case _ => false
>> >     }
>> >   }
>> > }
>> >
>> > Does that make things clearer for you? Essentially what happens is
>> > this:
>> >
>> > user request (no auth) ==> challenge
>> > user request (with auth) ==> success (or challenge if incorrect)
>> >
>> > HTTP Digest is a lot more complex, if you need info on that, let me
>> > know.
>> >
>> > Thanks
>> >
>> > Tim
>> >
>> > On Mar 25, 2:42 pm, Chad Skinner <chadwskin...@gmail.com> wrote:
>> >> Humm, I am learning something about HttpBasicAuthentication and need to look
>> >> into this more. Is this method called for every request ... even before the
>> >> user fills out the login form?

--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
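The caching trade-off raised in this thread (cache the auth server's answer for a period, but stop honoring it on logout) can be seen in a small stand-alone sketch. This is an added example, not code from the thread or from Lift; `AuthCache`, `User`, `Entry`, `verify` and the cookie value are hypothetical names and constructed data, and only the Scala standard library and JDK are used.

```scala
import java.security.MessageDigest
import scala.collection.concurrent.TrieMap

// Hypothetical types for this sketch; they are not Lift classes.
final case class User(name: String, roles: Set[String])
final case class Entry(user: User, expiresAtMs: Long)

// Caches the auth server's verdict per session cookie for ttlMs; `verify` stands in for the remote call.
class AuthCache(ttlMs: Long, verify: String => Option[User],
                now: () => Long = () => System.currentTimeMillis()) {
  private val entries = TrieMap.empty[String, Entry]
  // Key on a digest so raw cookie values are not kept in the map.
  private def key(cookie: String): String =
    MessageDigest.getInstance("SHA-256")
      .digest(cookie.getBytes("UTF-8")).map("%02x".format(_)).mkString

  def authenticate(cookie: String): Option[User] = {
    val k = key(cookie)
    entries.get(k) match {
      case Some(e) if e.expiresAtMs > now() => Some(e.user) // fresh hit, no remote call
      case _ =>
        entries.remove(k)                       // expired or absent
        val fresh = verify(cookie)              // ask the auth server
        fresh.foreach(u => entries.put(k, Entry(u, now() + ttlMs)))
        fresh                                   // failures are never cached
    }
  }
  // Call from the logout path so the cookie stops being honored immediately.
  def invalidate(cookie: String): Unit = entries.remove(key(cookie))
}

object Demo extends App {
  var clock = 0L                                // injectable clock, in milliseconds
  var live = Set("cookie-abc")                  // constructed auth-server session state
  var calls = 0                                 // number of remote verifications
  val cache = new AuthCache(60000L, c => {
    calls += 1
    if (live(c)) Some(User("chad", Set("admin"))) else None
  }, () => clock)
  assert(cache.authenticate("cookie-abc").isDefined && calls == 1)
  live = Set.empty                              // user logs out at the auth server
  assert(cache.authenticate("cookie-abc").isDefined && calls == 1) // stale hit
  clock = 60000L                                // TTL elapsed: entry no longer fresh
  assert(cache.authenticate("cookie-abc").isEmpty && calls == 2)
  live = Set("cookie-abc"); cache.authenticate("cookie-abc") // logs in again, cached
  live = Set.empty; cache.invalidate("cookie-abc")           // logout hook clears entry
  assert(cache.authenticate("cookie-abc").isEmpty && calls == 4)
}
```

Without the `invalidate` call the stale window is bounded only by the TTL, so the TTL should be chosen as the longest period a logged-out session may acceptably remain valid.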