[hunchentoot-devel] Protecting static files
Nico de Jager
ndj at bitart.cc
Tue Nov 2 11:06:26 UTC 2010
Phil Marneweck <haragx at gmail.com> writes:
> Is there a way to in hunchentoot to protect static files from
> unauthorized downloads. When I talk about static files I mean files
> with static handlers in hunchentoot.
You can use your own dispatch functions to do authorization. So you can
do something like:
(defun authorized-dispatcher (dispatch-fn authorized-p)
(lambda (request)
(when (funcall authorized-p)
(funcall dispatch-fn request))))
(defun role (&rest roles)
(lambda ()
(let ((user-roles (session-value :roles)))
(dolist (role roles)
(when (find role user-roles :test #'eq)
(return t))))))
(setf *dispatch-table* (list
....
(authorized-dispatcher (create-static-file-dispatcher-and-handler "/foo.txt" "/srv/foo.txt")
(role :operator :root))
....))
Nico
More information about the Tbnl-devel
mailing list