
I've seen the question asked a few times on the Google groups but no one seems to follow up with an answer or solution. Is it possible to use a central database for User creation and authentication from multiple Rails applications using Authlogic?

It isn't an option for me to use OpenID right now, I'd love to but my client does not support it yet.

A: 

I think the best way would be to implement an OpenID system.
It'd allow your users to authenticate not only on your applications but almost anywhere with their login and password.

Damien MATHIEU
That's a great idea and was recommended by others, but it is not an option for me at this time.
revgum
If you do not wish to, you don't have to allow users to connect themselves everywhere. And you can restrict connection from users of your main website.
Damien MATHIEU
Google does something similar with their accounts on their many web applications.
Damien MATHIEU
A: 

Personally I don't like OpenID, people tend to think it's a little bit more secure than it is.

As for your question, I don't see any reason why you can't do that, you'll have to put some extra care on security (a user can only log in to the app/domain he is allowed to, for example).

The only problem I see is that you can't share only one table between apps; by default, you'll have to use the same database for all your apps, a no-no.

But there is a way you can point a model to a different database; I would recommend the [data_fabric][1] gem. Although it's meant for a completely different usage, you should be able to use it to point each of your apps to a specific, different database for your user's model.

[1]: http://github.com/fiveruns/data%5Ffabric "data_fabric"

Elad Meidar
Calling database sharing between apps a "no-no" is a bit simplistic. It really depends on the business, the apps, and how much overlap they might have in other ways. If it's a bunch of SOA-style specialized applets doing different transformations on the same basic information, one database is completely called for.
SFEley
Same database for "all your apps". I didn't say you can't share a database between apps if there is decent overlap between them. SOA is a good example of a situation where it indeed happens.
Elad Meidar
A: 

The short answer is "Yes." Sure. Sharing a user model between applications isn't fundamentally different from sharing any other type of model between applications. Heck, you could potentially even pull your user data via REST with ActiveResource if you didn't mind it being a little bit slow.

But if Authlogic and solutions like it aren't a locked-in business constraint, there are other ways to handle SSO (single sign-on) besides just OpenID. Take a look at RubyCAS, Castronaut (maybe with Casablanca for a client), or for a totally different approach, Hancock.

SFEley
+1  A: 

From a design point of view, have you thought about creating a system dedicated to handling the user information and authentication? Then have your other applications connect to that system through a secure API, most likely internal. You can keep your databases separated, and keep the user database secure by only allowing access through the API.

Aaron Van Bokhoven
+3  A: 

It seems that there still hasn't been a solution posted to the original question.

I had a similar problem. I had multiple rails applications and I needed to be able to track users between activity on all of them. So, I wanted to have a single application for managing users and tracking and all the other applications would connect to this user database to authenticate.

I was already using Authlogic for some other projects, so I was hoping that it would be as simple as changing some configuration settings.

Here's my solution:

I created the main user tracking application. There was nothing special about the application. It allowed users to register, log in, log out, etc. Once users were logged in they could then navigate to the other apps.

In the environments.rb file of my user application and every application needing to authenticate with the base application, you need to set up the session key and domain to be the SAME.

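    # Identical in the user application and in every application that authenticates against it
    config.action_controller.session = {
      :session_key => '_my_app_session',
      :secret      => '_long_secret_session_key_here',
      :domain      => ".basedomain.com"  # leading dot: the cookie is shared with all subdomains
    }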

Each of my applications is under its own subdomain, such as app1.basedomain.com and app2.basedomain.com. I'm not sure if this would work otherwise without some more changes.

In each application, create the UserSession

    class UserSession < Authlogic::Session::Base
    end

and User models.

    class User < ActiveRecord::Base
      # "users_database" is an entry in this app's database.yml
      establish_connection "users_database"
      acts_as_authentic
    end

What is different in this User model is that it now has the establish connection method. The "users_database" is in the database.yml file and points to the database for the central user management application.

I didn't go as far as having log in and log out throughout my sub-applications, but if you did you would have to create the UserSessionsController as well.

In each application that uses authentication, I included some helper methods in the ApplicationController, for example,

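    # Session found from the shared cookie, memoized for the request
    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
    end

    # User record behind the session, or nil when nobody is logged in
    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.record
    end

    # Filter: send visitors without a session to the central login page
    # (store_location is not shown in this answer)
    def require_user
      unless current_user
        store_location
        redirect_to 'http://main_user_login_page'
        return false
      end
    end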

Then I can use 'require_user' in my controllers where I want authentication just like I can in my main user application.

Hope this helps.

Chase M Gray
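
Why the answer above needs the same session key, secret and domain in every application, as an added example (not code from the answer, Rails or Authlogic): a cookie scoped to `.basedomain.com` reaches every subdomain, and only an application holding the same secret can verify it. The cookie format, the JSON serializer, HMAC-SHA256, the sample payload and all names below are assumptions of this sketch.

```ruby
require "openssl"
require "base64"
require "json"

# Simplified model of a signed cookie session: "<base64 payload>--<HMAC hex>".
# JSON stands in for the framework's own serializer (assumption of this sketch).
def sign_session(data, secret)
  payload = Base64.strict_encode64(JSON.generate(data))
  "#{payload}--#{OpenSSL::HMAC.hexdigest("SHA256", secret, payload)}"
end

# Constant-time comparison, so the check does not leak how many characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash, or nil when the signature does not verify.
def verify_session(cookie, secret)
  payload, digest = cookie.to_s.split("--", 2)
  return nil if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return nil unless secure_equal?(digest, expected)
  JSON.parse(Base64.strict_decode64(payload))
rescue ArgumentError, JSON::ParserError
  nil
end

# Would a browser send a cookie scoped to cookie_domain to this host?
def cookie_sent_to?(host, cookie_domain)
  base = cookie_domain.sub(/\A\./, "").downcase
  host = host.downcase
  host == base || host.end_with?(".#{base}")
end

# Constructed values for illustration only.
SHARED_SECRET = "constructed-shared-secret-for-illustration-only"
OTHER_SECRET  = "constructed-secret-of-a-misconfigured-app"

# Issued by the central user application after login (constructed payload).
COOKIE = sign_session({ "user_id" => 42 }, SHARED_SECRET)

if __FILE__ == $PROGRAM_NAME
  puts "app1 with shared secret: #{verify_session(COOKIE, SHARED_SECRET).inspect}"
  puts "app with other secret:   #{verify_session(COOKIE, OTHER_SECRET).inspect}"
  puts "sent to app2 subdomain:  #{cookie_sent_to?("app2.basedomain.com", ".basedomain.com")}"
end
```

Because signing and verification use the same secret, each application that holds it can also issue sessions the others accept, so the secret needs the same protection in every app.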
