[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: New to lua, web framework?
- From: Fabio Mascarenhas <mascarenhas@...>
- Date: Wed, 6 Oct 2010 09:16:38 -0300
On Wed, Oct 6, 2010 at 5:50 AM, steve donovan <steve.j.donovan@gmail.com> wrote:
> Security is a strong feature of Sputnik, which has a lot of user
> authentication machinery built-in. And it understands the difference
> between 'authentication' and 'authorization': just because you're a
> valid user doesn't mean you should be able to trash stuff that isn't
> yours! Permissions can be assigned in a very flexible way.
>
> Are there equivalent modules that could be used for Orbit, say?
For the authentication part there is mk.auth
(http://github.com/keplerproject/mk/blob/master/src/mk/auth.lua),
which will work with any WSAPI application (and with other more exotic
types if you fallback to the programmatic API instead of using the
filters). Documentation is quite sparse, but there is an example at
http://github.com/keplerproject/mk/blob/master/samples/auth.lua and
the test suite:
http://github.com/keplerproject/mk/blob/master/test/test_auth.lua
Authorization is much more application-specific, I'm afraid... by
default mk.auth will leave an MK_AUTH_USER key in your wsapi_env, and
how you handle authorization after that is up to you.
> steve d.
>
>
--
Fabio Mascarenhas