On Mar 25, 6:00 pm, David Pollak <feeder.of.the.be...@gmail.com>
wrote:
> On Wed, Mar 25, 2009 at 8:56 AM, Chad Skinner <chadwskin...@gmail.com> wrote:
>
> > All of our applications are currently using form based authentication in
> > the EJB container .. am I correct that this (Form based authentication) is
> > not supported in Lift?
>
> You are incorrect.  Form-based authentication works just fine in Lift.
>
>
>
> > As I see it, after checking the user's cookie against the Authentication
> > server I would want to cache the returned User object for a period to
> > prevent hitting the server for each request. The only downfall is that if
> > the user logs out of the authentication server and the cache is not cleared
> > then the user would still be authenticated until the cache expires.
>
> > I may be living in the dark ages, but I did not think you could log a user
> > out using HttpAuthentication short of closing the browser ... is this true?
>
> No.  You can stop honoring the authentication provided by HttpAuth.  This
> requires server logic rather than a hard-coded auth file.

Actually there might be a way ... not bulletproof though. You can
register a JavaScript listener when the browser is closed:
onbeforeunload. Here you can probably send an Ajax logout call.


>
>
>
>
>
> > On Wed, Mar 25, 2009 at 10:20 AM, Timothy Perrett <timo...@getintheloop.eu> wrote:
>
> >> Further to that example, no doubt someone will laugh at me for using
> >> database access on each request... However this is just an example! In
> >> reality I actually read from an LRU cache to save the database access.
>
> >> Cheers, Tim
>
> >> On 25/03/2009 15:08, "Timothy Perrett" <timo...@getintheloop.eu> wrote:
>
> >> > Chad,
>
> >> > We have HTTP Basic Auth and HTTP Digest Auth support in Lift. The
> >> > authentication is implemented as a partial function that you implement
> >> > like so:
>
> >> >     LiftRules.httpAuthProtectedResource.prepend {
> >> >       case (ParsePath("api" :: _, _, _, _)) => Full(AuthRole("admin"))
> >> >     }
>
> >> >     LiftRules.authentication = HttpBasicAuthentication("lift") {
> >> >       case (username, password, req) => {
> >> >         User.find(By(User.username, username)) match {
> >> >           case Full(user) if user.password.match_?(password) => {
> >> >             userRoles(AuthRole("admin"))
> >> >             true
> >> >           }
> >> >           case _ => false
> >> >         }
> >> >       }
> >> >     }
>
> >> > Does that make things clearer for you? Essentially what happens is
> >> > this:
>
> >> > user request (no auth) ==> challenge
> >> > user request (with auth) ==> success (or challenge if incorrect)
>
> >> > HTTP Digest is a lot more complex, if you need info on that, let me
> >> > know.
>
> >> > Thanks
>
> >> > Tim
>
> >> > On Mar 25, 2:42 pm, Chad Skinner <chadwskin...@gmail.com> wrote:
> >> >> Humm, I am learning something about HttpBasicAuthentication and need to
> >> >> look into this more. Is this method called for every request ... even
> >> >> before the user fills out the login form?
>
> --
> Lift, the simply functional web framework http://liftweb.net
> Beginning Scala http://www.apress.com/book/view/1430219890
> Follow me: http://twitter.com/dpp
> Git some: http://github.com/dpp
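
The caching trade-off raised in the thread (a cached User stays valid until the cache expires unless logout clears it), shown as an added example that is not code from the thread or from Lift. `User`, `AuthCache`, the `lookup` function standing in for the authentication server, and the cookie values are all hypothetical and constructed for illustration.

```scala
import scala.collection.mutable

// Hypothetical type: the thread only mentions "the returned User object".
final case class User(name: String)

/** Caches authentication-server answers per cookie for at most ttlMillis. */
final class AuthCache(ttlMillis: Long,
                      lookup: String => Option[User], // assumed call to the auth server
                      now: () => Long = () => System.currentTimeMillis()) {

  private case class Entry(user: User, expiresAt: Long)
  private val entries = mutable.Map.empty[String, Entry]

  /** Asks the auth server only on a cache miss or after the entry has expired. */
  def authenticate(cookie: String): Option[User] = synchronized {
    entries.get(cookie) match {
      case Some(Entry(user, expiresAt)) if now() < expiresAt => Some(user)
      case _ =>
        entries.remove(cookie)
        val fresh = lookup(cookie)
        fresh.foreach(u => entries.update(cookie, Entry(u, now() + ttlMillis)))
        fresh
    }
  }

  /** Logout hook: drop the entry so the very next request is re-checked. */
  def invalidate(cookie: String): Unit = synchronized { entries.remove(cookie); () }
}

object AuthCacheDemo extends App {
  var clock = 0L                          // fake clock so expiry is deterministic
  val valid = mutable.Set("cookie-abc")   // constructed session state on the "auth server"
  var serverCalls = 0
  val cache = new AuthCache(60000L,
    c => { serverCalls += 1; if (valid(c)) Some(User("chad")) else None }, () => clock)

  assert(cache.authenticate("cookie-abc").contains(User("chad")))
  assert(cache.authenticate("cookie-abc").isDefined && serverCalls == 1) // cache hit

  valid -= "cookie-abc"                               // logout at the auth server only
  assert(cache.authenticate("cookie-abc").isDefined)  // stale window: still accepted
  clock = 60000L
  assert(cache.authenticate("cookie-abc").isEmpty)    // expiry closes the window

  valid += "cookie-xyz"
  assert(cache.authenticate("cookie-xyz").isDefined)
  valid -= "cookie-xyz"; cache.invalidate("cookie-xyz") // logout that also clears the cache
  assert(cache.authenticate("cookie-xyz").isEmpty)      // rejected immediately
}
```

The TTL is the upper bound on how long a logged-out user is still accepted; calling `invalidate` from the logout path reduces that window to zero for logouts the application itself sees.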