ssl_requirement插件让我们指定哪些action需要SSL访问,哪些不需要,并且帮我们redirect到相应的URL
安装好插件后,首先在application.rb里include该插件
[code]
class ApplicationController < ActionController
include SslRequirement
end
[/code]
然后在controller里我们指定需要和不需要SSL的action:
[code]
class AccountController < ApplicationController
ssl_required :signup, :payment
ssl_allowed :index
def signup
# Non-SSL access will be redirected to SSL
end
def payment
# Non-SSL access will be redirected to SSL
end
def index
# This action will work either with or without SSL
end
[/code]
ssl_requirement插件主要是lib/ssl_requirement.rb:
[code]
# Copyright (c) 2005 David Heinemeier Hansson
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
module SslRequirement
def self.included(controller)
controller.extend(ClassMethods)
controller.before_filter(:ensure_proper_protocol)
end
module ClassMethods
# Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
def ssl_required(*actions)
write_inheritable_array(:ssl_required_actions, actions)
end
def ssl_allowed(*actions)
write_inheritable_array(:ssl_allowed_actions, actions)
end
end
protected
# Returns true if the current action is supposed to run as SSL
def ssl_required?
(self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
end
def ssl_allowed?
(self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
end
private
def ensure_proper_protocol
return true if ssl_allowed?
if ssl_required? && !request.ssl?
redirect_to "https://" + request.host + request.request_uri
return false
elsif request.ssl? && !ssl_required?
redirect_to "http://" + request.host + request.request_uri
return false
end
end
end
[/code]
其中[b]controller.before_filter(:ensure_proper_protocol)[/b]保证了正确的访问协议
安装好插件后,首先在application.rb里include该插件
[code]
class ApplicationController < ActionController
include SslRequirement
end
[/code]
然后在controller里我们指定需要和不需要SSL的action:
[code]
class AccountController < ApplicationController
ssl_required :signup, :payment
ssl_allowed :index
def signup
# Non-SSL access will be redirected to SSL
end
def payment
# Non-SSL access will be redirected to SSL
end
def index
# This action will work either with or without SSL
end
[/code]
ssl_requirement插件主要是lib/ssl_requirement.rb:
[code]
# Copyright (c) 2005 David Heinemeier Hansson
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
module SslRequirement
def self.included(controller)
controller.extend(ClassMethods)
controller.before_filter(:ensure_proper_protocol)
end
module ClassMethods
# Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
def ssl_required(*actions)
write_inheritable_array(:ssl_required_actions, actions)
end
def ssl_allowed(*actions)
write_inheritable_array(:ssl_allowed_actions, actions)
end
end
protected
# Returns true if the current action is supposed to run as SSL
def ssl_required?
(self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
end
def ssl_allowed?
(self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
end
private
def ensure_proper_protocol
return true if ssl_allowed?
if ssl_required? && !request.ssl?
redirect_to "https://" + request.host + request.request_uri
return false
elsif request.ssl? && !ssl_required?
redirect_to "http://" + request.host + request.request_uri
return false
end
end
end
[/code]
其中[b]controller.before_filter(:ensure_proper_protocol)[/b]保证了正确的访问协议
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
