I recently had to develop a small application for a client. The goal was to add a feature to a grown Java web application.

As the software has been maintained for several years, there are users with old and new MySQL passwords in the system.

To authenticate the user I have chosen authenticate_or_request_with_http_basic.

As I just needed a handful of actions, all of them go in one controller:

class MyController < ApplicationController

  before_filter :authenticate

  def index
   # [ ... ]
  end

  protected

  def authenticate
    authenticate_or_request_with_http_basic do |id, password|
      @user = User.find_by_name(id)
      # An unknown user name must fail the login instead of raising on nil.
      !@user.nil? && @user.authenticate(password)
    end
  end

end

To check if the user can be authenticated:

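class User < ActiveRecord::Base

  # True only if the password matches this user's own row, hashed in either
  # the new (password()) or the old (old_password()) MySQL format.
  # Without the name condition, any stored password would log in any user.
  def authenticate(password)
    users = User.find_by_sql(["select * from user where name='%s' AND \
                              (user_pass=password('%s') OR user_pass=old_password('%s'))",
                              name, password, password])
    users.length > 0
  end

end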


It's a very simple approach.

What do you think?
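
The new-format check can also be done in Ruby against the one stored value of the user being authenticated, which works on servers that no longer provide password(). The following is an added example, not code from the original post; the function names and sample rows are hypothetical, and it relies on the MySQL 4.1+ format being `*` followed by the uppercase hex of SHA1(SHA1(password)). Old-format values are only recognised here, not verified.

```ruby
require 'digest/sha1'

# Classify a stored user_pass value by the layout of MySQL's two hash formats.
def mysql_hash_format(stored)
  case stored.to_s
  when /\A\*[0-9A-Fa-f]{40}\z/ then :mysql41  # password() on MySQL 4.1+
  when /\A[0-9A-Fa-f]{16}\z/   then :old      # old_password() / pre-4.1
  else :unknown
  end
end

# MySQL 4.1+ password(): '*' + uppercase hex of SHA1 over the raw SHA1 digest.
def mysql41_hash(password)
  '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(password)).upcase
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check a password against ONE user's stored hash.
# Returns :ok, :bad_password, :legacy_format (old hash, candidate for a
# forced password reset) or :unknown_format.
def check_stored_hash(stored, password)
  case mysql_hash_format(stored)
  when :mysql41
    secure_equal?(stored.upcase, mysql41_hash(password)) ? :ok : :bad_password
  when :old then :legacy_format
  else :unknown_format
  end
end

# Constructed sample rows (name => user_pass), not data from the post.
SAMPLE_USERS = {
  'alice' => '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19', # password('password')
  'bob'   => '0123456789abcdef'                           # old-format layout
}

if __FILE__ == $0
  SAMPLE_USERS.each do |name, stored|
    puts "#{name}: #{check_stored_hash(stored, 'password')}"
  end
end
```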
