Dr. Dobb's Journal - October 2008 - (Page 45)

D10weis_p5db 8/15/08 9:40 AM Page 45 invalid identity URI, if users canceled, or if they failed to enter the correct password. Handle an unsuccessful result by passing the result’s message to failed_login: else failed_login result.message || "Sorry, could not authenticate #{identity_url}" end The next step is to build a login form like Figure 1. At a minimum, you need a form with a text field named openid_url and a Submit button that posts to the session/create action (Example 7) in app/views/session/new.html.erb. Your users will probably expect to land somewhere after they log in, welcoming them to the app. The SessionController#successful_login method redirects users to “welcome/index” so create the , controller: $ ./script/generate controller welcome index • Prompt new users for additional information, required or not, to complete registration. • Require up-front registration to ask for additional information, where OpenID authentication is the final step. • Require up-front registration where OpenID is optional, supplementing another type of authentication, such as traditional username/password login. (If you do this, try to leverage an established authentication library for your language or framework. At a minimum, store salted hashes instead of plaintext passwords!) Conclusion OpenID is a straightforward way to add authentication to your web application, whether it’s built with Ruby on Rails or another framework. OpenID is still evolving. New features are being standardized, new extensions are being developed, identity providers are continuously improving their support, and more applications support it everyday, either as the primary means of authentication or to supplement another method. DDJ PC 9.0 -lint Presents Bug of the Month #440 The school bookstore is computing its annual budget. The array StuCourse indicates whether Student i is taking Course j and CostBook indicates the cost of the book for Course j. But something is going awry. Can you spot it?Visit our web site at www.gimpel.com l. st ge y oo nd on sl e t ki e l uou ar an Th n tw m nti of . . co sed s of . ti ry ver to ad e his th in for C/C++ Next, update the welcome template (Example 8) to give users a slightly personalized page. You just need to map some routes, including one named open_id_complete to catch the responses from identity providers. Open config/routes.rb in your text editor and add the routes in Example 9, then start your Rails app: $ ./script/server #define NStu 3000 #define NCrs 400 extern int const StuCourse[NStu][NCrs]; extern double const CostBook[NCrs]; double total_cost() { int i, j; double cost = 0; for( i = 0; i < NStu; i++ ) for( j = 0; j < NCrs; i++ ) cost += StuCourse[i][j] * CostBook[j]; return cost; } Go to http://localhost:3000/login in your web browser and you should see a simple login form. If you have an OpenID, you should be able to log in! This isn’t the prettiest app ever. I didn’t build a custom layout with any colors or images, and there’s little value in the User model since it’s only a copy of some data returned by identity providers. Again, the complete (and better looking) project is available online. Registration is transparent in this example. Users are automatically “registered” the first time their identity URI is encountered by the app. That may not be right for your application. A few other common strategies for registration include: PC-lint for C/C++ will catch this and many other bugs. It will analyze a mixed suite of C and C++ modules to uncover bugs, glitches, quirks and inconsistencies. Introducing Version 9.0: What, you ask, can be added to our ground-breaking lint products -- products that already contain inter-function value tracking, auto variable and member value tracking, customizable function semantics, a comprehensive system of message suppression, and a rich set of over 500 Warnings that all together provide an environment in which few bugs can survive and none can flourish? The answer to that question is found in Version 9.0, which provides support for precompiled headers, static variable tracking, multi-thread analysis, support for MISRA C 2004 and MISRA C++ 2008, a rich set of program information reports including stack usage, and over 146 new messages. Full Support for ANSI/ISO C and C++. PC-lint for C/C++ Numerous compilers/ libraries supported. Runs on Windows, MS-DOS, and OS/2. $389 Call FlexeLint for C/C++ The same great product for all UNIX systems. Distributed in shrouded C source form. 30 Day Money Back Guarantee Gimpel Software Serving the C/C++ Community for 23 Years. CALL TODAY (610) 584-4261 Or FAX (610) 584-4266 www.gimpel.com PC-lint and FlexeLint are trademarks of Gimpel Software October 2008 l www.ddj.com l Dr. Dobb’s Journal 45 http://www.gimpel.com http://localhost:3000/login http://www.gimpel.com http://www.gimpel.com http://www.ddj.com

Table of Contents Feed for the Digital Edition of Dr. Dobb's Journal - October 2008

Dr. Dobb's Journal - October 2008 Contents Friday Night Fish Fry Alia Vox Developer Diaries Developer’s Notebook Is Your Next Language COBOL? Conversations Safe Coding Practices Code Signing in Adobe AIR OpenID Single Sign-On The Book Cipher Algorithm Indexing and Searching Image files Extending Continuous Integration Into ALM The Agile Edge Effective Concurrency Swaine’s Flames

Dr. Dobb's Journal - October 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.