0

I'm trying to get basic http authentication working on my Rails app. I'm offering a simple REST interface served by a Rails server, only xml/json output.

Every method needs authentication, so I put the authenticate filter in ApplicationController:

class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  before_filter :authenticate

protected
  def authenticate
    authenticate_or_request_with_http_basic do |u, p|
      true
    end
  end
end

Even with having the method return true, I'm receiving a 401 from the server:

$ curl http://127.0.0.1:3000/myresource/1.xml -i
HTTP/1.1 401 Unauthorized 
Cache-Control: no-cache
WWW-Authenticate: Basic realm="Application"
X-Runtime: 1
Content-Type: text/html; charset=utf-8
Content-Length: 27
Server: WEBrick/1.3.1 (Ruby/1.9.1/2010-01-10)
Date: Thu, 03 Jun 2010 02:43:55 GMT
Connection: Keep-Alive

HTTP Basic: Access denied.

If I'm explicitly returning true, yet getting served a 401.

Improve this question

2 Answers 2

Reset to default
1

you have to specify a login/password pair, even if you don't check them

curl http://127.0.0.1:3000/myresource/1.xml -i -u username:password
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Is there anyway I can display an xml builder view in the event a user does not provide a login/password pair? I want to give a descriptive error message.
0

If you want to show an error message for XML requests you can write your own before_filter:

class ApplicationController < ApplicationController::Base
  before_filter :authenticate

  def authenticate
    authentication_procedure = lambda do |username, password|
      # test username and password
    end
    authenticate_with_http_basic(&authentication_procedure) ||
      request_http_basic_authentication_or_show_xml_error(&authentication_procedure)
  end

  def request_http_basic_authentication_or_show_xml_error(&auth_proc)
    if request.format == Mime::XML
      render :action => '/errors/401'
    else
      request_http_basic_authentication('My Realm')
    end
  end
end

Then put something into app/views/errors/401.xml.builder.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.