Rails 2.x http基本身份验证

Question

我试图让我的Rails应用程序工作的基本http身份验证。我提供了一个由Rails服务器提供的简单REST接口，只有xml/json输出。

每一个方法需要进行认证的，所以我把在ApplicationController中的身份验证过滤器：

class ApplicationController < ActionController::Base 
    helper :all # include all helpers, all the time 
    before_filter :authenticate 

protected 
    def authenticate 
    authenticate_or_request_with_http_basic do |u, p| 
     true 
    end 
    end 
end 

即使具有方法返回true，我从服务器接收401：

$ curl http://127.0.0.1:3000/myresource/1.xml -i 
HTTP/1.1 401 Unauthorized 
Cache-Control: no-cache 
WWW-Authenticate: Basic realm="Application" 
X-Runtime: 1 
Content-Type: text/html; charset=utf-8 
Content-Length: 27 
Server: WEBrick/1.3.1 (Ruby/1.9.1/2010-01-10) 
Date: Thu, 03 Jun 2010 02:43:55 GMT 
Connection: Keep-Alive 

HTTP Basic: Access denied. 

如果我明确返回true，但获得服务401.

Answer 1

您必须指定一个登录名/密码对，即使您没有检查他们

curl http://127.0.0.1:3000/myresource/1.xml -i -u username:password 

Answer 2

如果你想显示XML请求的错误信息，你可以写你自己的before_filter：

class ApplicationController < ApplicationController::Base 
    before_filter :authenticate 

    def authenticate 
    authentication_procedure = lambda do |username, password| 
     # test username and password 
    end 
    authenticate_with_http_basic(&authentication_procedure) || 
     request_http_basic_authentication_or_show_xml_error(&authentication_procedure) 
    end 

    def request_http_basic_authentication_or_show_xml_error(&auth_proc) 
    if request.format == Mime::XML 
     render :action => '/errors/401' 
    else 
     request_http_basic_authentication('My Realm') 
    end 
    end 
end 

然后把东西放到app/views/errors/401.xml.builder。