Better (general) authentication
I currently have a method in mine BaseController
and in every controller method I need for the user to be authenticated. I stay to always call this piece of code:
user, err := c.getUser()
if err != nil {
return c.Redirect(UserController.Login)
}
What exactly checks if
revel.InterceptMethod((*UserController).CheckUser, revel.BEFORE)
(in init.go) added a valid user to .RenderArgs["user"]
.
Anyway I can bring this redirect to the login page including. authentication in filter / intercept method so I don't have to repeat the above code 10 times? (I developed this code around revel v0.9 ~ 0.10)
One solution I came up with is to write a module / application similar to the new csrf module.
EDIT 4/11/2015: This question was posted a while ago, please take a look at the official Revel documentation as development
source to share
Just don't allow requests to your controllers unless authentication has been done. To do this, you need to implement Filter . This means something like
init.go:
revel.Filters = []revel.Filter{
SessionFilter, // Preferably a safe implementation that isn't plaintext cookies etc
mypackage.Authenticator
}
mypackage.go:
package mypackage
func Authenticator(c *revel.Controller, fc []revel.Filter) {
// If authentication found (from session), pass to next Filter in stack
// If not, redirect to your authentication UI, and pass
// Or handle other parts of authentication requests...
// If authentication succeeded, save it to session
// Otherwise just drop the request (probably log?)
}
The specifics depend entirely on what kind of authentication you are setting up. Below is the SSO implementation for your reference.
source to share