[hunchentoot-devel] Re: hunchentoot authorization

[Arjan Wekking]

On 13 apr 2008, at 03:21, Cyrus Harmon wrote:

> This certainly doesn't have to be part of hunchentoot.

Perhaps this can be resolved by considering Hunchentoot a web-server  
and, like Robert said, not a web application framework; if this deals  
with HTTP details (like HTTP layer authentication and authorization)  
the answer is simply 'yes'. If your authorization and authentication  
is not at the HTTP layer, I would say it is part of your application  
and not HTPP and thus should remain there.

Although a covers-everything web framework has allure at first; I've  
often experienced disappointment after actually using some due to un- 
layered or incomplete design forcing you to do it their way or having  
to use horrible workarounds and hacks that make you feel dirty.

However, there is definitely a place for frameworks that sit on top of  
a generic web-server with a good HTTP layer API. I hope Hunchentoot  
will remain being such a web-server.

In fact, I firmly believe there is even place for a layer in-between  
(think Python's WSGI but perhaps richer) so that web frameworks can be  
written in a web-server agnostic way and can perhaps even cooperate  
and nest each-other.

Woops, sorry for hijacking your thread with that - I'll get off my  
soapbox now ;)

-Arjan

> On Apr 12, 2008, at 5:45 PM, Robert Synnott wrote:
>
>> To me, this seems like pushing Hunchentoot more in the direction of
>> being a web framework than just a webserver. Not that there's  
>> anything
>> wrong with that, of course, but it could probably be just as easily
>> done with a library that sits on top and implements a light-weight
>> framework.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3405 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20080413/9fd3726b/attachment.bin>