bleedingwolf / Ratpack

A micro web framework for Groovy

authentication/authorization #7

Closed mwotton closed 13 years ago

mwotton commented 13 years ago

Is there anything like Rack::Auth::Basic for Ratpack? How do you handle auth?

justinvoss commented 13 years ago

There's no authorization code in Ratpack, but since the original HttpServletRequest is available to you, you should be able to use any technique you want to authorize requests.

Off the top of my head (I haven't tried this, it's just an idea), maybe you could decorate the request handlers to protect your app? You could create a function that wraps the request handler closure and performs the authorization before calling the original handler. Maybe something like this (the implementation of isAuthorized is up to you):

def auth = { handler ->
    def newHandler = {
        if(isAuthorized(request)) {
            handler.delegate = this.delegate
            return handler()
        } else {
            return "Access denied"
        }
    }
    return newHandler
}

get("/super-secret", auth({
    "Secret things go here"
}))

mwotton commented 13 years ago

Thanks, that looks useful. Ideally, I'd like to set auth requirements for the whole app, but the decorated handler looks like a reasonably low-fuss approach.

mwotton commented 13 years ago

Tried with this:

def isAuthorized = {request -> true }
def auth = { handler ->
    def newHandler = {
        if(isAuthorized(request)) {
            handler.delegate = this.delegate
            return handler()
        } else {
            return "Access denied"
        }
    }
    return newHandler
}

get("/super-secret/:id", auth({
    "Secret things go here with ${urlparams[id]}"
}))

but got an error on trying to access this.delegate:

➜ groovyskunk git:(master) ✗ ratpack test.groovy
inside this :)
Starting Ratpack app with config: [:]
2010-12-02 10:50:44.364::INFO: Logging to STDERR via org.mortbay.log.StdErrLog
2010-12-02 10:50:44.414::INFO: jetty-0.5.0
2010-12-02 10:50:44.548::INFO: Started SocketConnector@0.0.0.0:5000
[ Error] Caught Exception: groovy.lang.MissingPropertyException: No such property: delegate for class: Script1
[ 500] GET /super-secret/foo

Is 'delegate' a Ratpack construction?

justinvoss commented 13 years ago

delegate is a Groovy concept, not a Ratpack one: the delegate is the object that's used as the enclosing scope. Messing with a closure's delegate is how Ratpack injects methods and properties into the handlers.

I tried this sample app and got it to work (the code I gave you earlier had a bug):

def auth = { handler ->
    def newHandler = {
        if( urlparams['id'] == 'admin'  ) {
            handler.delegate = delegate
            return handler()
        } else {
            return "Access denied: admin-only area."
        }
    }
    return newHandler
}

get("/super-secret/:id", auth({
    "Secret things go here for ${urlparams['id']}" 
}))
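
The decorator from this thread with `isAuthorized` filled in as an HTTP Basic check, in the spirit of the Rack::Auth::Basic question. This is an added example, not code from the thread or from Ratpack. It assumes Java 8+ for `java.util.Base64` and that the handler delegate exposes the servlet `response` as well as `request`; the credentials and the stub objects in the offline check are constructed.

```groovy
import java.nio.charset.StandardCharsets
import java.security.MessageDigest
// Constructed demo credentials; load real ones from configuration, not source.
def expectedUser = 'admin'
def expectedPass = 'constructed-demo-password'

// Content-independent comparison, so timing does not reveal a partial match.
def sameBytes = { String a, String b ->
    MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8))
}

// Checks "Authorization: Basic base64(user:pass)" on the HttpServletRequest.
def isAuthorized = { request ->
    String header = request.getHeader('Authorization')
    if (!header || !header.regionMatches(true, 0, 'Basic ', 0, 6)) return false
    try {
        def decoded = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8)
        int sep = decoded.indexOf(':')  // split on the first ':'; passwords may contain ':'
        if (sep < 0) return false
        // Non-short-circuit '&' so both fields are always compared.
        return sameBytes(decoded.substring(0, sep), expectedUser) &
               sameBytes(decoded.substring(sep + 1), expectedPass)
    } catch (IllegalArgumentException ignored) {
        return false                    // malformed base64: deny
    }
}

def auth = { handler ->
    return {
        if (isAuthorized(request)) {
            handler.delegate = delegate // hand Ratpack's injected scope to the wrapped handler
            return handler()
        }
        // Assumption: the handler delegate also exposes the servlet `response`.
        response.setStatus(401)
        response.setHeader('WWW-Authenticate', 'Basic realm="ratpack"')
        return 'Access denied'
    }
}

// Ratpack usage: get("/super-secret", auth({ "Secret things go here" })). Offline check with stubs:
def basic = 'Basic ' + 'admin:constructed-demo-password'.bytes.encodeBase64().toString()
def call = { hdr ->
    def h = auth({ 'Secret things go here' })
    h.delegate = [request : new Expando(getHeader: { n -> hdr }),
                  response: new Expando(setStatus: { s -> }, setHeader: { k, v -> })]
    h()
}
assert call(basic) == 'Secret things go here'
assert call(null) == 'Access denied' && call('Basic !!!') == 'Access denied'
```

Unlike the `urlparams['id'] == 'admin'` check, whose value the caller picks through the URL, this decision rests on a credential. Basic credentials are only base64-encoded on the wire, so the route needs TLS in front of it.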