Abusing warden?


Robert Winter

Jun 15, 2014, 6:33:26 PM
to plataforma...@googlegroups.com
Hi, I want to use warden to authenticate RESTful SOA requests of my Rails based service which uses Grape, where the requestor will send along their x509/SSL certificate. I have been working off of the information posted here: http://pothibo.com/2013/07/authentication-with-warden-devise-less/

The first obstacle is my confusion that warden does not authenticate every request coming through the Rack stack to my rails app. What I think I want is that every request be vetted by warden before it hits the Rails Routing phase and that I don't need any redirects to a 'login' controller or 'session' controller or endpoints. (Also, the way I've implemented the Grape API means that requests don't go to a controller either.) To keep things simple, imagine my warden strategy is a whitelist - if the x509 cert is on the list, the request is authenticated and continues up the stack. If not on the list, the request gets handled by a Failure Rack app (as illustrated by the above post).
 
So I added a bit of code:

# Runs for every request, before the downstream app is called;
# authenticate! throws :warden when no strategy succeeds
Warden::Manager.on_request do |proxy|
  proxy.authenticate!
end

But that means I have to catch the warden throw if it occurs and handle it. And using 'authenticate?' or 'authenticate' avoids having a 'catch' block, but in all three choices I have to recreate the failure handling code of the Warden::Manager's call method.

This seems 'too difficult' so I'm wondering if I'm missing something fundamental about how to use Warden?

TIA, 
-Robert
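A worked illustration of the whitelist scenario described above, added here as an example; it is not code from the original post, from Warden, or from the linked article. To run stand-alone it does not load the warden gem at all: a small Rack-style middleware (hypothetical name CertAllowlistAuth) vets every request before the downstream app sees it, and a strategy-like authenticate! throws out of a catch block on failure, the same catch/throw shape that Warden::Manager#call wraps around the downstream app. It assumes the front-end web server hands the client's PEM certificate to the app in the SSL_CLIENT_CERT environment key (what Apache mod_ssl does with +ExportCertData; nginx can be configured to pass $ssl_client_cert the same way), and the certificates and env hashes are constructed in memory for the demo.

```ruby
require 'openssl'
require 'set'

# Added example, not Warden's API: a Rack-style middleware that checks the
# client's x509 certificate against an allowlist of SHA-256 fingerprints on
# EVERY request, before routing or any controller/Grape endpoint runs.

# SHA-256 fingerprint (hex) of a PEM certificate, or nil when the value is
# absent or not a parseable certificate (garbage is treated as "no cert").
def client_cert_fingerprint(pem)
  return nil if pem.nil? || pem.strip.empty?
  cert = OpenSSL::X509::Certificate.new(pem)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
rescue OpenSSL::X509::CertificateError
  nil
end

class CertAllowlistAuth
  # app: downstream Rack app; allowed: Set of hex fingerprints;
  # failure_app: Rack app that answers requests which fail authentication.
  def initialize(app, allowed, failure_app)
    @app, @allowed, @failure_app = app, allowed, failure_app
  end

  def call(env)
    # Same shape as Warden::Manager#call: a failed authenticate! throws out of
    # the block, and that result is routed to the failure app instead of @app.
    result = catch(:auth_failure) do
      authenticate!(env)
      @app.call(env)
    end
    result.is_a?(Array) ? result : @failure_app.call(env.merge('auth.failure' => result))
  end

  private

  # The "strategy": assumed SSL_CLIENT_CERT key holds the PEM client cert.
  def authenticate!(env)
    fp = client_cert_fingerprint(env['SSL_CLIENT_CERT'])
    throw :auth_failure, 'no valid client certificate' if fp.nil?
    throw :auth_failure, 'certificate not on allowlist' unless @allowed.include?(fp)
    env['auth.cert_fingerprint'] = fp
  end
end

# Constructed fixture: a self-signed certificate built in memory for one "client".
def make_self_signed_cert(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest::SHA256.new)
  cert.to_pem
end

# Stand-ins for the Rails/Grape app and for the failure app.
APP         = ->(env) { [200, { 'Content-Type' => 'text/plain' }, ["hello #{env['auth.cert_fingerprint']}"]] }
FAILURE_APP = ->(env) { [403, { 'Content-Type' => 'text/plain' }, ["forbidden: #{env['auth.failure']}"]] }

# Exercises the four cases a practitioner cares about and returns the statuses.
def run_demo
  trusted_pem  = make_self_signed_cert('trusted-client')
  stranger_pem = make_self_signed_cert('stranger')
  allowed = Set[client_cert_fingerprint(trusted_pem)]
  stack = CertAllowlistAuth.new(APP, allowed, FAILURE_APP)
  {
    trusted:   stack.call('SSL_CLIENT_CERT' => trusted_pem).first,   # 200
    stranger:  stack.call('SSL_CLIENT_CERT' => stranger_pem).first,  # 403
    missing:   stack.call({}).first,                                 # 403
    malformed: stack.call('SSL_CLIENT_CERT' => 'not a cert').first   # 403
  }
end

puts run_demo.inspect if __FILE__ == $0
```

The point of the structure is that the throw is caught by the middleware's own call method, so the application behind it never has to know about the failure path; an unparseable or missing certificate falls into the same 403 branch as an unknown one, which keeps the allowlist check fail-closed.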
