SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    one login for multiple rails apps

    we have several internal applications and the user management has become a nightmare. the only solution we have thought of is having one program for login an authentication, and giving each user a list of the applications they have access to. then, from the main screen, they could select the app they want to use and automatically pass the login info to that application.

    i'm not sure what the best approach would be though. we thought about switching everything over to one giant app, but i'm afraid that this would be trading one nightmare for another. the applications are not related to eachother in any way so i would rather keep them separate if i can.

    if anyone has any suggestions, they would be greatly appreciated.

  2. #2
    Mal Reynolds Mandibal's Avatar
    Join Date
    Aug 2003
    Location
    Columbus
    Posts
    718
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jjkiesch
    we have several internal applications and the user management has become a nightmare. the only solution we have thought of is having one program for login an authentication, and giving each user a list of the applications they have access to. then, from the main screen, they could select the app they want to use and automatically pass the login info to that application.
    This sounds like a good idea. Basically your creating a portal site that will give access to the users to the other apps. The portal handles all the user authentication and authorization. I think your on the right track.
    Erh

  3. #3
    SitePoint Guru
    Join Date
    Aug 2005
    Posts
    986
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could also use a separate DB for the users table. All applications use this table to check username/pass, so the only thing you have to do is to change your user model to use another DB.

    You can then create a user manager for the user DB.

    I have never used Rails with multiple DBs, but it should be easy:

    Code:
    class User < ActiveRecord::Base
      establish_connection(    
        :adapter  => "mysql",
        :host     => "localhost",
        :username => "myuser",
        :password => "mypass",
        :database => "somedatabase"
      )
    end

  4. #4
    SitePoint Evangelist
    Join Date
    Jun 2004
    Location
    California
    Posts
    440
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That looks easy enough but if you did that with that model, would it automatically use the other connection for the other models? Or would you have to explicitly tell the other models to reconnect back to the other database (although I'm sure the connection resource would've been saved)?

    I also have never used multiple databases before so I'm not sure.
    Happy switcher to OS X running on a MacBook Pro.

    Zend Certified Engineer

  5. #5
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i had also thought about setting up a web service that could pass the login information through something like soap. the login portal could return if the user was valid and what apps that user has access to. but again... this is something i know very little about. i know how it works in theory, but i have no clue where to start.

  6. #6
    SitePoint Guru
    Join Date
    Aug 2005
    Posts
    986
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @xmitchx:

    This connection is used only for that model. Every model has a connection, and the global connection is set in ActiveRecord::Base. Because every model inherits from that one, the connection gets passed on. (unless you override it).

    @jjkiesch:

    That would be very difficult compared to a shared user database. Are you sure you don't want to use a separate user database? The only thing you have to do is changing the connection of the user model for each application.

  7. #7
    SitePoint Evangelist
    Join Date
    Jun 2004
    Location
    California
    Posts
    440
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah thanks for that info fenrir.

    And I suppot fenrir's seperate userbase idea because it will be very easy to implement and very easy to addon to succeeding apps
    Happy switcher to OS X running on a MacBook Pro.

    Zend Certified Engineer

  8. #8
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i'm all for whatever is easier. i'm still new to ruby on rails, so i was just throwing out ideas. as for a user model having it's own database connection, that seems like an easy way to keep all the users in the same database, but it still seems like i'm left with the problem of them having to go to the location of each individual application instead of only going to one place to login. that's why i was wondering if a web service would be easier for what i need.

    the user would actually start at the login portal to authenticate, i just need a way to pass that information to the program that he or she needs to use.

    please bear with me if i am not understanding the suggestions that you are offering. i really appreciate the help.

  9. #9
    SitePoint Guru
    Join Date
    Aug 2005
    Posts
    986
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are the applications on the same domain? If so, you can use cookies to keep your users authenticated.

    Example:

    yoursite.com/login => login portal, sets cookie
    yoursite.com/app1 => reads cookie, user authenticated
    yoursite.com/app2 => reads cookie, user authenticated
    ...

    If they are on separate domains, it will be difficult because you cannot pass information on to the next application the user visits.

    You could give the user a link for each application in the login portal. These links have an extra parameter to the app:

    app1.com/front?session=nr0s23083

    this parameter is the session identifier your login portal stored in the db. app1.com checks if this session identifier is in the users table, and if it is, the user is automatically logged in.

    If the user logs out, this session id will be deleted from the users table.

    I don't know if this creates security problems (hijacked sessions?).

  10. #10
    SitePoint Evangelist
    Join Date
    Jun 2004
    Location
    California
    Posts
    440
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I was also wondering if the apps are on multiple domains. If it is on multiple subdomains it is no problem because you can set the cookie domain to ".domain.com" (with the preceding dot). But if it is on multiple domains you cannot set cookies so like Fenrir said the only way it looks like you can do something is through session IDs in the parameter which is a security risk...

    I'm sorry I can think of no other way.
    Happy switcher to OS X running on a MacBook Pro.

    Zend Certified Engineer

  11. #11
    SitePoint Member
    Join Date
    Nov 2005
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    we will be keeping all of the apps on the same domain. i think setting a cookie would probably be my best bet. i was looking at the way that sessions are stored however, and read about using a DRb server. would this allow me to share session data between applications? i tried to do this, but i was having problems getting it to work correctly. using sessions, i could store the entire user hash so the attributes would carry over to the other apps.

    if anyone has any info on using DRb to store sessions and can let me know if this is a good idea or how to get started, that would be great.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •