restful-authentication | used plugin provides a foundation | Authorization library
kandi X-RAY | restful-authentication Summary
kandi X-RAY | restful-authentication Summary
This widely-used plugin provides a foundation for securely managing user authentication:. Several features were updated in May, 2008. IMPORTANT: if you upgrade your site, existing user account passwords will stop working unless you use --old-passwords.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Calculate the checksum
restful-authentication Key Features
restful-authentication Examples and Code Snippets
Community Discussions
Trending Discussions on restful-authentication
QUESTION
I have read that, session is against the concept of RESTfulness.
Do sessions really violate RESTfulness?
Session Management in microservices
Since Microservices inevitably use REST
, does the same apply here as well? If so, then why do we have Spring session? It even lists 'Spring Session allows providing session ids in headers to work with RESTful
APIs' as one of its features.
ANSWER
Answered 2020-May-19 at 00:24Apart from Scaling as an advantage of micro-services, it also provides you with the flexibility to choose polyglot architecture i.e (using the right programming language, framework, database for the right job).
If you use spring sessions(which off-course provides session replication across nodes), internally it uses Redis/gemfire/hazelcast as a replicated session store, but you will have to stick to one programming language & framework for all your services i.e Java & Spring resp.(You can off course write your own implementation in other languages to read from session store, but its re-inventing the wheels) And this will take away Benefit of Polyglot Architecture.
So typically in microservices architecture, you have a token-service(and it should be able to scale individually) implementation to generate tokens(aka sessionIds) which are used for Authentication & Authorization in each service and you should try to avoid storing the session information. It will also help to avoid "Single point of Failure".
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install restful-authentication
either use git clone git://github.com/technoweenie/restful-authentication.git restful_authentication
or rename the plugin's directory to be restful_authentication after fetching it.
The first parameter specifies the model that gets created in signup (typically a user or account model). A model with migration is created, as well as a basic controller with the create method. You probably want to say "User" here.
The second parameter specifies the session controller name. This is the controller that handles the actual login/logout function on the site. (probably: "Session").
--include-activation: Generates the code for a ActionMailer and its respective Activation Code through email.
--stateful: Builds in support for acts_as_state_machine and generates activation code. (@--stateful@ implies @--include-activation@). Based on the idea at [[http://www.vaporbase.com/postings/stateful_authentication]]. Passing @--skip-migration@ will skip the user migration, and @--skip-routes@ will skip resource generation -- both useful if you've already run this generator. (Needs the "acts_as_state_machine plugin":http://elitists.textdriven.com/svn/plugins/acts_as_state_machine/, but new installs should probably run with @--aasm@ instead.)
--aasm: Works the same as stateful but uses the "updated aasm gem":http://github.com/rubyist/aasm/tree/master
--rspec: Generate RSpec tests and Stories in place of standard rails tests. This requires the "RSpec and Rspec-on-rails plugins":http://rspec.info/ (make sure you "./script/generate rspec" after installing RSpec.) The rspec and story suite are much more thorough than the rails tests, and changes are unlikely to be backported.
--old-passwords: Use the older password scheme (see [[#COMPATIBILITY]], above)
--skip-migration: Don't generate a migration file for this model
--skip-routes: Don't generate a resource line in @config/routes.rb@
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page