I have basic authentication set up in a simple CakePHP 2.0 application. I first set up the application to use regular form authentication, then I added the following line to the beforeFilter() of my AppController.php to enable basic HTTP authentication:
$this->Auth->authenticate = array('Basic');
Here’s the full AppController:
<?php
class AppController extends Controller {
    public $components = array(
        "Session",
        "Auth" => array(
            'loginRedirect' => array('controller'=>'users','action'=>'index'),
            'logoutRedirect' => array('controller'=>'users','action'=>'index'),
            'authError' => "You are not authorized to view this page.",
            'authorize' => array('Controller'),
        )
    );

    public function isAuthorized($user) {
        return true;
    }

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('index','view');
        $this->set('logged_in', $this->Auth->loggedIn());
        $this->set('current_user',$this->Auth->user());
        $this->Auth->authenticate = array('Basic');
    }
}
?>
Ideally I’d like one specific controller (a controller which will expose an API for use with a mobile device) out of the entire application to use only Basic HTTP authentication, and the rest of the controllers to behave like a normal web application.
Currently, if I pass incorrect credentials to the controller I get an HTTP 302 response, when I’d really like an HTTP 401 to be passed back. How can I do this?
Check out KVZ’s REST plugin; it may be of interest:
https://github.com/kvz/cakephp-rest-plugin
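The behaviour the question asks for, as an added example that is not from the original posts and is not CakePHP or plugin code: framework-independent PHP in which API paths answer failed Basic authentication with a 401 challenge while ordinary pages redirect to a login form. The `/api/` prefix, the `/users/login` URL, the function names and the sample credentials are all assumptions constructed for illustration.

```php
<?php
// Added illustration, not CakePHP code; all names and values are constructed.
const API_PREFIX = '/api/';         // assumed prefix of the API controller's routes
const LOGIN_URL  = '/users/login';  // assumed form-login page for browser users

// Parse "Authorization: Basic base64(user:pass)"; returns [user, pass] or null.
function parseBasicHeader(?string $header): ?array {
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

// $users maps username => password_hash() output.
function checkCredentials(array $users, ?array $creds): bool {
    if ($creds === null || !isset($users[$creds[0]])) {
        return false;
    }
    return password_verify($creds[1], $users[$creds[0]]);
}

// Returns [status, headers] for a request.
function authDecision(string $path, ?string $authHeader, bool $hasSession, array $users): array {
    if (strpos($path, API_PREFIX) === 0) {
        // API: stateless, never redirect; challenge with 401 instead.
        if (checkCredentials($users, parseBasicHeader($authHeader))) {
            return [200, []];
        }
        return [401, ['WWW-Authenticate' => 'Basic realm="api"']];
    }
    // Web pages: session-based form login, redirect when not logged in.
    return $hasSession ? [200, []] : [302, ['Location' => LOGIN_URL]];
}

// Constructed sample requests: good API login, bad API login, anonymous page view.
$users = ['mobile' => password_hash('s3cret', PASSWORD_DEFAULT)];
$good  = 'Basic ' . base64_encode('mobile:s3cret');
$bad   = 'Basic ' . base64_encode('mobile:wrong');
foreach ([['/api/items', $good], ['/api/items', $bad], ['/users/edit/1', null]] as [$path, $hdr]) {
    [$status] = authDecision($path, $hdr, false, $users);
    echo $path, ' -> ', $status, PHP_EOL;
}
```

Because Basic credentials travel base64-encoded rather than encrypted, an endpoint like this should only be served over HTTPS.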