Call between controllers

Rails
1

Can anyone direct me to a way that I can make an HTTP request to another
controller from inside a controller?

e.g.

AnApplicationController < ActionController::Base

def listenForAuthControllerData
… do some stuff w/ the data…
end

end

AuthController < ActionController::Base

def login
…do authentication stuff…
…send data to AnApplicationController…

end

end

I’ve seen reference to not using webrick since it doesn’t handle
multi-threading. I have had some success w/ forking an http request:

Process.fork {
req = Net::HTTP::Put.new(uri)
req.set_form_data({“abc” => “123”})
requester = Net::HTTP.new(uri.host, uri.port).request { |http|
http.request(req)
}
requester.finish
}

…but the problem then is that the session’s do not match when I try to
get the data back from the receiving(AnApplicationController)
controller.

I had similarly marginal success when trying to use DRb. I was able to
get the data back, however, this solution

  1. Introduced another point of failure in security in what you might
    have noticed is supposed to be a secure system.
  2. A really complicated system.
  3. Doesn’t feel railsy. (actually neither of these solutions do although
    I prefer the Fork {HTTP::Request} method better.)

I’m not worried about getting the data back from the requesting
Controller. Just the receiving controller.

2

Wouldn’t you do this kind of login with filters

before_filter :login

return_back_or_defalt etc etc?

3

boboroshi wrote:

Wouldn’t you do this kind of login with filters

before_filter :login

return_back_or_defalt etc etc?

I’m summarizing the details of a larger process that’s intended to be
secure from people listening on the line. So yes that would work but it
wouldn’t solve the problem in the manner in which I’m trying to address
it.

4

It’s unclear to me if these two controllers are running on the same
machine or not since you referenced DRb. If they are running on the
same machine how do you instantiate “AnApplicationController”? That is,
Rails instantiates the controller for each incoming request and from
your example that would appear to be “AuthController”.

Could you simply do
AnApplicationController.new.listenForAuthControllerData(some_data)? Of
course, this would require setup and tear down for each invocation.
Another alternative MIGHT be to instantiate it one time and store it in
a class variable. If you have multiple instances of the Ruby
interpreter running on your server though that might not work depending
on the requirements of your application.

-Paul

5

No actually they would be on seperate machines.
The idea is that AnApplicationController is any old rails application.
The AuthController is the single sign-on for different
“AnApplicationController”'s. So in the AnApplicationController, we
handle redirecting to the AuthController when necessary.

The AuthController is expected to take care of authenticating the user
then sending out the permissions to the calling application (directly),
in an attempt to prevent Session hijacking and permission modifications.

6

Looks cool. Unfortunately, I’m trying to say within the framework of
rails. Thanks for all the help though.

7

Have you considered EventMachine? I have not worked with it yet myself
but it supports SSL and would allow you to setup a socket server in
Ruby to handle the authentication and send a response back to the
client. It’s available at Rubyforge. Do a google search on it. I saw
this snippet of code that got me interested in marking it as a tool
that I will likely use when the requirements call for it:

Create a daemon / server in 11 lines of Ruby

require ‘rubygems’
require ‘eventmachine’

module EchoServer
def receive_data(data)
send_data “>>> You sent: #{data}”
close_connection if data =~ /quit|exit/i
end
end

EventMachine::run {
EventMachine::start_server “127.0.0.1”, 8081, EchoServer
}

-Paul