[Radiant] Authentication for one Section of Site


Michael Jones

Feb 13, 2007, 11:17:05 PM
to rad...@lists.radiantcms.org
I've got a set of pages that I want to require authentication on.

Any suggestions on how to handle authentication on those pages?

Thanks-
Michael
_______________________________________________
Radiant mailing list
Post: Rad...@lists.radiantcms.org
Search: http://radiantcms.org/mailing-list/search/
Site: http://lists.radiantcms.org/mailman/listinfo/radiant

Sean Cribbs

Feb 14, 2007, 8:34:06 AM
to rad...@lists.radiantcms.org
If your needs are small, you could set up your webserver to demand
HTTP authentication on those paths.

Sean

Michael Jones

Feb 14, 2007, 12:00:50 PM
to rad...@lists.radiantcms.org
Right, that probably would be the easiest.

I do like the idea of it all being in Ruby so you can just drop the
app on a server and go.

I think I could write an Extension to do this:

* Extension action: process user/pass values, if valid sets session variable
* Extension action: removes session variable
* Extension has tag <r:auth:if_loggedin>mycontent</r:auth:if_loggedin>
* Extension has tag <r:auth:unless_loggedin>go away</r:auth:unless_loggedin>

I would prefer to make it redirect w/flash message if you weren't
authenticated. However, I'm not quite sure how to do a redirect from a
class that extends Page?

Thanks for the response, and if there are any other ideas I'd love to hear them.

-Michael

John W. Long

Feb 14, 2007, 1:24:20 PM
to rad...@lists.radiantcms.org
Michael Jones wrote:
> I do like the idea of it all being in Ruby so you can just drop the
> app on a server and go.
>
> I think I could write an Extension to do this:
>
> * Extension action: process user/pass values, if valid sets session variable
> * Extension action: removes session variable
> * Extension has tag <r:auth:if_loggedin>mycontent</r:auth:if_loggedin>
> * Extension has tag <r:auth:unless_loggedin>go away</r:auth:unless_loggedin>

The above would require that you maintain session state for each Web
site visitor, something that Radiant wasn't designed to support out of
the box. It is probably possible to write an extension that would work
around this problem, but you may find it difficult.

--
John

Andrew Klein

Feb 14, 2007, 7:40:27 PM
to rad...@lists.radiantcms.org
Well all, I'm back ;)

Anyways, just a quick question. I remember discussion about caching
still being hashed out for 0.6.0. My question is that I want to move
to 0.6.0, but my concern is caching. I have a LOT of traffic now and
don't think my host would be thrilled with pegging the CPU and I hope
there is caching in place.

Thanks!

Andrew

Daniel Sheppard

Feb 14, 2007, 6:03:28 PM
to rad...@lists.radiantcms.org
> Well all, I'm back ;)
>
> Anyways, just a quick question. I remember discussion about caching
> still being hashed out for 0.6.0. My question is that I want to move
> to 0.6.0, but my concern is caching. I have a LOT of traffic now and
> don't think my host would be thrilled with pegging the CPU and I hope
> there is caching in place.

Caching in 0.6.0 is pretty much the same mechanism as caching in 0.5.2 -
though there have been some performance improvements, if you're currently
running 0.5.2, you should see a drop in CPU usage.

The figures in this email:

http://lists.radiantcms.org/pipermail/radiant-core/2007-January/000244.html

Show the performance of the new caching mechanism - that's running on an
AMD Athlon 1700 with 512mb RAM running apache2 with 2 fastcgid processes
(but the machine was also running a bunch of other processes, so the
figures may be slightly low).

If your host supports xsendfile (typically only if you're using a
VPS/dedicated server and you've installed it yourself or they run
lighttpd), you can have performance only 4-8x slower than raw apache -
that's quite good performance.


Dan.

Michael Jones

Feb 14, 2007, 6:54:20 PM
to rad...@lists.radiantcms.org
Thanks for the note John, I see the sessions are turned off:

  class SiteController < ApplicationController
    session :off
    ...
  end

I guess having sessions off provides better performance?

I think sessions would be needed for doing any sort of
ecomm/loggedin/user type extensions.

Guess I'll go with basic auth for now.

Thanks-
Michael

Daniel Sheppard

Feb 15, 2007, 12:05:48 AM
to rad...@lists.radiantcms.org

> I guess having sessions off provides better performance?
>
> I think sessions would be needed for doing any sort of
> ecomm/loggedin/user type extensions.
>
> Guess I'll go with basic auth for now.

Yes, it would provide slightly better performance, but the main problem
with sessions is that they would completely break the caching model of
radiant (radiant caches the headers of the requests, which would include
any cookie settings for the session).

If you want session enabled pages, I'd say to pump them through another
controller:

  class RestrictedController < ApplicationController
    session :on
    no_login_required

    attr_accessor :config, :cache

    def initialize
      @config = Radiant::Config
      @cache = ResponseCache.instance
    end

    def show_page
      @page = find_page("restricted/#{url}")
      unless @page.nil?
        @page.process(request, response)
        @performed_render = true
      else
        render :template => 'site/not_found', :status => 404
      end
    rescue Page::MissingRootPageError
      redirect_to welcome_url
    end
  end

  define_routes do |map|
    map.with_options(:controller => 'restricted') do |restricted|
      restricted.connect 'restricted/*url', :action => 'show_page'
    end
  end

Something like that anyway.

Dan.
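
The caching problem described in the message above, as an added example that is not part of the original thread and is not Radiant's code: a toy cache that stores response headers keyed only by URL replays the first visitor's `Set-Cookie` to everyone else, while a variant that refuses to store cookie-setting responses does not. `HeaderCache`, `CookieSafeCache`, `render_with_session` and `cookies_seen` are hypothetical names, and the responses are constructed sample data.

```ruby
require 'securerandom'

# Constructed stand-in for a page cache that stores the whole response,
# headers included, keyed only by URL (the model described in the thread).
class HeaderCache
  def initialize
    @store = {}
  end

  # Returns the cached response for url, or renders and stores one.
  def fetch(url)
    @store[url] ||= yield
  end
end

# Hardened variant: never stores a response that sets a cookie, so
# per-visitor state is rendered fresh on every request.
class CookieSafeCache < HeaderCache
  def fetch(url)
    return @store[url] if @store.key?(url)
    response = yield
    @store[url] = response unless response[:headers].key?('Set-Cookie')
    response
  end
end

# Constructed renderer: issues a new session id per request, as a
# session-enabled controller would.
def render_with_session(visitor)
  sid = SecureRandom.hex(16)
  { headers: { 'Set-Cookie' => "_session_id=#{sid}; path=/; HttpOnly" },
    body: 'restricted page', issued_to: visitor }
end

# Simulates two visitors requesting the same URL and returns the
# Set-Cookie value each one receives.
def cookies_seen(cache, url = '/restricted/report')
  %w[alice bob].map do |visitor|
    cache.fetch(url) { render_with_session(visitor) }[:headers]['Set-Cookie']
  end
end

leaky = cookies_seen(HeaderCache.new)
safe  = cookies_seen(CookieSafeCache.new)
puts "naive cache hands both visitors one session cookie: #{leaky.uniq.size == 1}"
puts "cookie-safe cache issues distinct cookies: #{safe.uniq.size == 2}"
```

Routing session-enabled pages through a separate controller, as suggested above, only avoids this if that controller's responses never reach the shared cache.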
