使用在轨道上htaccess的密码保护? [英] using htaccess password protection on rails?
问题描述
我要在我的Rails应用的/管理路由使用的.htaccess文件的密码进行保护 - 这可能
I want the /admin route on my rails app to be protected by using .htaccess password files - is this possible?
推荐答案
Rails有一个内置的帮手,这一点,你可以把这个应用程序中的控制器:
Rails has a built-in helper for this, you could place this in your application controller:
protected
def authenticate
authenticate_or_request_with_http_basic do |username, password|
username == "admin" && password == "test"
end
end
然后使用上的before_filter要保护(或只是把它贴在应用程序控制器来阻止整个网站)的任何控制器:
Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):
before_filter :authenticate
此方法适用于Nginx的和Apache的,这是一个额外的好处。这不,但是,工作,如果你有充分的页面缓存启用 - 为游客从来没有碰到Rails堆栈;它不会踢
This method works on Nginx as well as Apache, which is an added bonus. It doesn't, however, work if you have full page caching enabled - as the visitor never hits the Rails stack; it won't kick in.
修改 刚才注意到您指定的/管理的路线。我所有的管理控制器继承从AdminController。你可以设置你的了,像这样:
Edit Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:
/app/controllers/admin/admin_controller.rb
/app/controllers/admin/admin_controller.rb
class Admin::AdminController < ApplicationController
before_filter :authenticate
protected
def authenticate
authenticate_or_request_with_http_basic do |username, password|
username == "admin" && password == "test"
end
end
end
然后让所有的控制器扩展管理器,如:
Then have all your controllers extend the admin controller, eg:
class Admin::ThingsController < Admin::AdminController
我的路线设置,如下所示:
My routes are setup like so:
map.namespace :admin do |admin|
admin.resources :things
end
希望有所帮助。
Hope that helps.
这篇关于使用在轨道上htaccess的密码保护?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!