Closed mwotton closed 13 years ago
There's no authorization code in Ratpack, but since the original HttpServletRequest is available to you, you should be able to use any technique you want to authorize requests.
Off the top of my head (I haven't tried this, it's just an idea), maybe you could decorate the request handlers to protect your app? You could create a function that wraps the request handler closure and performs the authorization before calling the original handler. Maybe something like this (the implementation of isAuthorized is up to you):
    def auth = { handler ->
        def newHandler = {
            if(isAuthorized(request)) {
                handler.delegate = this.delegate
                return handler()
            } else {
                return "Access denied"
            }
        }
        return newHandler
    }

    get("/super-secret", auth({
        "Secret things go here"
    }))
Thanks, that looks useful. Ideally, I'd like to set auth requirements for the whole app, but the decorated handler looks like a reasonably low-fuss approach.
Tried with this:

    def isAuthorized = {request -> true }

    def auth = { handler ->
        def newHandler = {
            if(isAuthorized(request)) {
                handler.delegate = this.delegate
                return handler()
            } else {
                return "Access denied"
            }
        }
        return newHandler
    }

    get("/super-secret/:id", auth({
        "Secret things go here with ${urlparams[id]}"
    }))
But got an error on trying to access this.delegate:

    ➜ groovyskunk git:(master) ✗ ratpack test.groovy
    inside this :)
    Starting Ratpack app with config: [:]
    2010-12-02 10:50:44.364::INFO: Logging to STDERR via org.mortbay.log.StdErrLog
    2010-12-02 10:50:44.414::INFO: jetty-0.5.0
    2010-12-02 10:50:44.548::INFO: Started SocketConnector@0.0.0.0:5000
    [ Error] Caught Exception: groovy.lang.MissingPropertyException: No such property: delegate for class: Script1
    [ 500] GET /super-secret/foo

Is 'delegate' a Ratpack construction?
delegate is a Groovy concept, not a Ratpack one: the delegate is the object that's used as the enclosing scope. Messing with a closure's delegate is how Ratpack injects methods and properties into the handlers.
I tried this sample app and got it to work (the code I gave you earlier had a bug):
    def auth = { handler ->
        def newHandler = {
            if( urlparams['id'] == 'admin' ) {
                handler.delegate = delegate
                return handler()
            } else {
                return "Access denied: admin-only area."
            }
        }
        return newHandler
    }

    get("/super-secret/:id", auth({
        "Secret things go here for ${urlparams['id']}"
    }))
Is there anything like Rack::Auth::Basic for Ratpack? How do you handle auth?
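
The thread leaves isAuthorized to the reader and asks for something like Rack::Auth::Basic. As an added example (not part of the thread and not Ratpack code), here is one way to write that check for HTTP Basic credentials in Groovy. The credentials and the FakeRequest stub are constructed so the script runs stand-alone, and isAuthorized assumes only that the request object has getHeader(String), as HttpServletRequest does.

```groovy
import java.nio.charset.StandardCharsets
import java.security.MessageDigest

// Constructed stand-in for HttpServletRequest so the script runs on its own.
class FakeRequest {
    String auth
    String getHeader(String name) { name == 'Authorization' ? auth : null }
}

// Constructed demo credentials; load real ones from configuration, not source.
def expectedUser = 'admin'
def expectedPass = 'correct horse battery staple'

// Constant-time comparison: does not reveal how much of a guess matched.
def sameBytes = { String a, String b ->
    MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                          b.getBytes(StandardCharsets.UTF_8))
}

// Hypothetical isAuthorized for the thread's auth wrapper.
def isAuthorized = { request ->
    String header = request.getHeader('Authorization')
    if (!header || !header.regionMatches(true, 0, 'Basic ', 0, 6)) return false
    String decoded
    try {
        decoded = new String(header.substring(6).trim().decodeBase64(), StandardCharsets.UTF_8)
    } catch (Exception ignored) {
        return false                 // malformed Base64: fail closed
    }
    int colon = decoded.indexOf(':')
    if (colon < 0) return false      // no user:password separator
    // Check both fields before combining, so neither is skipped.
    boolean userOk = sameBytes(decoded.substring(0, colon), expectedUser)
    boolean passOk = sameBytes(decoded.substring(colon + 1), expectedPass)
    return userOk & passOk
}

// Builds a Basic header value for the checks below.
def basic = { String u, String p ->
    'Basic ' + "${u}:${p}".toString().getBytes(StandardCharsets.UTF_8).encodeBase64().toString()
}

assert isAuthorized(new FakeRequest(auth: basic('admin', 'correct horse battery staple')))
assert !isAuthorized(new FakeRequest(auth: basic('admin', 'wrong')))
assert !isAuthorized(new FakeRequest(auth: basic('root', 'correct horse battery staple')))
assert !isAuthorized(new FakeRequest(auth: 'Basic !!!not-base64'))
assert !isAuthorized(new FakeRequest(auth: null))
```

Basic credentials are only Base64-encoded on the wire, so routes protected this way belong behind TLS. Unlike the id == 'admin' check in the working sample, this decision rests on a secret the client must present rather than on a value taken from the URL.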