[araneida-devel] request-authorized-p (implementation of generic function to yield authorization status)

[Joubert Nel]

Hi,

I'm trying to create an authorization scheme in Araneida. Basically
whenever a location in my URL space is called I want to check whether
the user is authorized and redirect to a login page if he isn't.

I found this post on usenet:
http://groups.google.com/group/comp.lang.lisp/browse_thread/thread/a6990567666934d2/12bca167849b64e9?lnk=gst&q=request-authorized-p&rnum=1&hl=en&fwc=2

According to this post, the generic function "request-authorized-p" is
called for every request to determine whether a client is authorized.

To test this, I've got:

============= snip ==================
(defclass root-page-handler (araneida:handler) ())

(defmethod request-authorized-p ((araneida:handler root-page-handler)
method request)
  (format t "not authorized"))

(defmethod request-not-authorized ((araneida:handler root-page-handler)
method request)
  (araneida:request-redirect request
                             *login-urlstring*))

(defmethod handle-request-response ((araneida:handler root-page-handler)
method request)
  (araneida:request-send-headers request)
  (araneida:html-stream
   (araneida:request-stream request)
   `(html (body (p "logged in")))))


(defparameter *root-page-handler-instance*
  (make-instance 'root-page-handler))

(araneida:install-handler 
 (http-listener-handler *listener*)
 *root-page-handler-instance*
 *app-urlstring* t)
============= snip ==================


So, I've got request-authorized-p on class root-page-handler. However, I
find that this method is never called by Araneida; instead,
handle-request-response is still called.

What gives? What am I missing?

Joubert