Where is user and password information stored?
Where do you need to include AuthenticatedSystem to make authentication available?
How do you tell a controller that users must be logged in to use that controller?
Where do you modify the rules that authorize users to have certain privileges?
How do you keep the logs from storing potentially sensitive security-related information?
User and password information is stored in the database, in a model you name when you first generate the authentication mechanisms.
You could put include AuthenticatedSystem in each of your controllers, but it’s no doubt easiest to put it into the ApplicationController class in app/controllers/application.rb.
The before_filter :login_required method will block requests by unauthenticated users.
You can redefine the authorized? method in the ApplicationController class in app/controllers/application.rb.
You can keep sensitive information out of the logs with filter_parameter_logging.