tags:

views:

374

answers:

1
+1  Q: 

Thin, Sinatra, and intercepting static file request to do CAS authentication

I'm using the casrack-the-authenticator gem for CAS authentication. My server is running Thin on top of Sinatra. I've gotten the CAS authentication bit working, but I'm not sure how to tell Rack to intercept "/index.html" requests to confirm the CAS login, and if the user is not allowed to view the page, return a HTTP 403 response instead of serving the actual page. Does anyone have experience with this? Thanks.

My app:

class Foo < Sinatra::Base
    enable :sessions
    set :public, "public"
    use CasrackTheAuthenticator::Simple, :cas_server => "https://my.cas_server.com"
    use CasrackTheAuthenticator::RequireCAS

    get '/' do
        puts "Hello World"
    end
end

My rackup file:

require 'foo'

use Rack::CommonLogger
use Rack::Lint

run Foo

Initial attempt at getting Rack to understand authentication in its file service (comments and thoughts welcome):

builder = Rack::Builder.new do
    map '/foo/index.html' do
        run Proc.new { |env|
            user = Rack::Request.new(env).session[CasrackTheAuthenticator::USERNAME_PARAM]
            [401, { "Content-Type" => "text/html" }, "CAS Authentication Required"] unless user
            # Serve index.html because we detected user
         }
    end

    map '/foo' do
        run Foo
    end
end

run builder
+1  A: 

Casrack-the-Authenticator will put the CAS information into the Rack session. You can pull that out in another piece of Rack middleware or in your Sinatra app.

The following is for a Rails application, but the concept is similar for Sinatra or a Rack middleware:

# in app/controllers/application_controller.rb:
protected

def require_sign_in!
  render :nothing => true, :status => 403 unless signed_in?
end

def signed_in?
  current_user.present?
end

def current_user
  @current_user ||= Person.find_by_username(session[CasrackTheAuthenticator::USERNAME_PARAM])
end
James A. Rosen  2010-04-23 17:58:38
Thanks for the info, that piece of code makes sense. What I'm not sure of is the Rack equivalent of hooking into the static content server. My JSON requests from the browser are being rejected properly, for example, but the static file service seems to be bypassing my Sinatra application and providing index.html anyway.
Kenny Peng  2010-04-23 18:29:17
Are you using `Rack::Static`? If so, is it behind the Casrack middleware? Perhaps showing your rackup file would help.
James A. Rosen  2010-04-23 18:32:06
I wasn't using `Rack::Static` before. I actually put casrack into my class that extends Sinatra::Base, because for some reason, I couldn't have it in my rackup and have it work with `enable :sessions` (I probably missed a simple syntax or configuration option, though). I posted basically what my rackup and Sinatra app currently look like.
Kenny Peng  2010-04-23 18:45:42
I think the problem with the sessions is that Casrack needs sessions enabled before it runs, so you can't put it outside Sinatra. Would it be possible to use Rack::Session::Cookie instead of Sinatra's version?
James A. Rosen  2010-04-23 19:06:47
Sure, I can try that. The session management section is less important than the static content redirection for 403 responses. I'm posting what I have in the main section as an initial shot at hooking into the Rack server.
Kenny Peng  2010-04-23 19:55:04

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?