This repository has been archived by the owner on Dec 12, 2021. It is now read-only.
Authorization in Web Services
dalton edited this page Sep 13, 2010 · 5 revisions
If your web application provides a web service that returns XML responses, you will likely want to handle authorization failures properly with a 403 response. You can do so by rendering an XML response when rescuing from the CanCan::AccessDenied exception.
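```ruby
# In ApplicationController: runs whenever an authorization check raises.
rescue_from CanCan::AccessDenied do |exception|
  respond_to do |format|
    # Browser requests are redirected to the root page.
    format.html { redirect_to root_url }
    # XML clients get an error document with HTTP status 403.
    format.xml { render :xml => "...", :status => :forbidden }
  end
end
```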
Note: I'm not certain what XML is conventionally returned here. If someone wants to fill this out more, that would be great.
Example from Amazon S3
```
HTTP/1.1 403 Forbidden
x-amz-request-id: E4CA6F6767D6685C
x-amz-id-2: BHzLOATeDuvN8Es1wI8IcERq4kl4dc2A9tOB8Yqr39Ys6fl7N4EJ8sjGiVvu6wLP
Content-Type: application/xml
Date: Wed, 20 Feb 2008 23:19:01 +0000
Connection: close
Server: AmazonS3

<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AccessDenied</Code>
  <Message>Access Denied</Message>
  <RequestId>E4CA6F6767D6685C</RequestId>
  <HostId>BHzLOATeDuvN8Es1wI8IcERq4kl4dc2A9tOB8Yqr39Ys6fl7N4EJ8sjGiVvu6wLP</HostId>
</Error>
```
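One way to produce a body for the XML branch of the handler above, modelled on the S3 sample; this is an added example, not CanCan's own code. It is written framework-free as a Rack-style response triple so it runs on its own, and the names `access_denied_xml`, `forbidden_response` and `request_id`, as well as the "/" redirect target standing in for root_url, are assumptions.

```ruby
require "securerandom"

# Fixed, generic body: nothing from the exception (action, model, record id)
# is echoed to the caller. Element names follow the S3 sample above.
def access_denied_xml(request_id)
  # String#encode(xml: :text) escapes &, < and >, so a caller-influenced
  # request id cannot inject markup into the error document.
  safe_id = request_id.to_s.encode(xml: :text)
  <<~XML
    <?xml version="1.0" encoding="UTF-8"?>
    <Error>
      <Code>AccessDenied</Code>
      <Message>Access Denied</Message>
      <RequestId>#{safe_id}</RequestId>
    </Error>
  XML
end

# Rack-style [status, headers, body] triple for a denied request.
# format is :xml or :html, mirroring the two respond_to branches above.
def forbidden_response(format, request_id: SecureRandom.hex(8))
  case format
  when :xml
    body = access_denied_xml(request_id)
    headers = { "Content-Type" => "application/xml; charset=utf-8",
                "Content-Length" => body.bytesize.to_s }
    [403, headers, [body]]
  else
    # Browsers are sent back to the root page ("/" is an assumed root_url).
    [302, { "Location" => "/" }, []]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request id containing markup characters.
  status, headers, body = forbidden_response(:xml, request_id: "req<1>&")
  puts status, headers, body
end
```

The request id is the value to write to the server log next to the denied action and user, so a client report can be matched to the log entry without the response itself describing what was denied.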
This project is abandoned, see its successor: CanCanCan