Is there a way to set up simple http authentication for a Ruby on Rails app on heroku?

A cleaner way is to just drop in a couple lines of Rack middleware into your staging environment config, leaving controller logic alone:

# config/environments/staging.rb
MyApp::Application.configure do
  config.middleware.insert_after(::Rack::Lock, "::Rack::Auth::Basic", "Staging") do |u, p|
    [u, p] == ['username', 'password']
  end

  #... other config
end

This tip courtesy of Ole Morten Amundsen. More info plus Heroku password specification:

http://olemortenamundsen.wordpress.com/2011/04/05/ruby-secure-staging-environment-of-your-public-app-from-users-and-bots/

On Rails4, I got "No such middleware to insert after: Rack::Lock" error. Replace Adam's code to the below:

# config/environments/staging.rb
MyApp::Application.configure do
  config.middleware.use '::Rack::Auth::Basic' do |u, p|
    [u, p] == ['username', 'password']
  end
  # ...
end

See: http://www.intridea.com/blog/2013/6/4/tips-and-tricks-for-deploying-rails-4-apps-on-heroku

Absolutely. The simplest solution is to just put something in your application controller that uses Rails's built in basic auth support (see here: http://railscasts.com/episodes/82-http-basic-authentication) and just wrap it in a conditional for your Rails.env. Note that on Heroku, by default the RAILS_ENV is set to production, but you can change this for your non-production apps using heroku config (http://docs.heroku.com/config-vars).

You could also consider installing some roadblock-style Rack middleware, but I'd just go with the above.