[tbnl-devel] Authorized pages
Stefan Scholl
stesch at no-spoon.de
Tue Aug 10 13:29:05 UTC 2004
On 2004-08-10 14:27:28, Björn Lindberg wrote:
> How would I go about using authroization to restrict access to a set
> of pages, perhaps even including static ones? Should I set it up so
> that a prefix of the URIs of that set always leads to a handler which
> calls authorization? In that case, how would such a handler look like?
You could write a wrapper function for the handler. Or a function
which generates wrapper functions for the handler, according for
the specific authorization needs.
Your own dispatcher (or one generated with
CREATE-PREFIX-DISPATCHER or CREATE-REGEX-DISPATCHER) then just
calls the wrapper. The wrapper handles the authorization and
calls either REQUIRE-AUTHORIZATION or your original handler.
Something like this:
(create-prefix-dispatcher "/dealer/"
(generate-auth-wrapper
"dealer"
#'dealer-handler))
If you really need to protect static files, too, then I'd suggest
to write your own version of CREATE-STATIC-FILE-DISPATCHER-AND-HANDLER.
Code is in html.lisp
[...]
(when (equal (script-name request) uri)
;; the handler
+ (generate-auth-wrapper
+ auth-group
(lambda ()
[...]
Regards,
Stefan
More information about the Tbnl-devel
mailing list