From: ···········@gmail.com
Subject: request-authorized-p (implementation of generic function to yield authorization status)
Date: 
Message-ID: <1173154797.312109.100320@8g2000cwh.googlegroups.com>
Hi,

I'm trying to create an authorization scheme in Araneida. Basically
whenever a location in my URL space is called I want to check whether
the user is authorized and redirect to a login page if he isn't.

I found this post on usenet:
http://groups.google.com/group/comp.lang.lisp/browse_thread/thread/a6990567666934d2/12bca167849b64e9?lnk=gst&q=request-authorized-p&rnum=1&hl=en&fwc=2

According to this post, the generic function "request-authorized-p" is
called for every request to determine whether a client is authorized.

To test this, I've got:

============= snip ==================
(defclass root-page-handler (araneida:handler) ())

(defmethod request-authorized-p ((araneida:handler root-page-handler)
                                 method request)
  (format t "not authorized"))

(defmethod request-not-authorized ((araneida:handler root-page-handler)
                                   method request)
  (araneida:request-redirect request
                             *login-urlstring*))

(defmethod handle-request-response ((araneida:handler root-page-handler)
                                    method request)
  (araneida:request-send-headers request)
  (araneida:html-stream
   (araneida:request-stream request)
   `(html (body (p "logged in")))))


(defparameter *root-page-handler-instance*
  (make-instance 'root-page-handler))

(araneida:install-handler
 (http-listener-handler *listener*)
 *root-page-handler-instance*
 *app-urlstring* t)
============= snip ==================


So, I've got request-authorized-p on class root-page-handler. However, I
find that this method is never called by Araneida; instead,
handle-request-response is still called.

What gives? What am I missing?

Joubert

From: Vassil Nikolov
Subject: Re: request-authorized-p (implementation of generic function to yield authorization status)
Date: 
Message-ID: <yy8vd53nue84.fsf@eskimo.com>
On 5 Mar 2007 20:19:57 -0800, ···········@gmail.com said:

| Hi,
| I'm trying to create an authorization scheme in Araneida. Basically
| whenever a location in my URL space is called I want to check whether
| the user is authorized and redirect to a login page if he isn't.

  As an aside, if you are checking if a user is authorized [to do
  something], then the user must have already logged in (i.e., a login
  page serves to authenticate users, not to authorize them).

  ---Vassil.


-- 
Is your code free of side defects?
From: ···········@gmail.com
Subject: Re: request-authorized-p (implementation of generic function to yield authorization status)
Date: 
Message-ID: <1173181902.212429.190090@t69g2000cwt.googlegroups.com>
On Mar 6, 12:34 am, Vassil Nikolov <···············@pobox.com> wrote:
> On 5 Mar 2007 20:19:57 -0800, ···········@gmail.com said:
>
> | Hi,
> | I'm trying to create an authorization scheme in Araneida. Basically
> | whenever a location in my URL space is called I want to check whether
> | the user is authorized and redirect to a login page if he isn't.
>
>   As an aside, if you are checking if a user is authorized [to do
>   something], then the user must have already logged in (i.e., a login
>   page serves to authenticate users, not to authorize them).
>

Sure - authorization simply means "are you allowed". In my example,
you are authorized as long as you're authenticated (logged in). In a
fuller example, authorization would be based on the logged-in user's
role together with additional business logic.

Joubert
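
The authentication/authorization split discussed in this thread, as an added example that is not code from any poster and does not use Araneida's API. It is plain CLOS, and every name in it (`authz-sketch`, `gate`, `authenticated-p`, `authorized-p`, the handler classes and the sample sessions) is hypothetical. An unauthenticated client is sent to log in, an authenticated one without the required role is refused, and a handler with no rule is denied by default.

```lisp
;;; Added example: plain CLOS, no Araneida calls. All names are hypothetical.
(defpackage :authz-sketch (:use :common-lisp))
(in-package :authz-sketch)

(defstruct session user roles)          ; a NIL session means "not logged in"

(defclass page-handler () ())
(defclass admin-page-handler (page-handler) ())

(defgeneric authenticated-p (session)
  (:documentation "Authentication: has the client proven who it is?")
  (:method ((session null)) nil)
  (:method ((session session)) (not (null (session-user session)))))

(defgeneric authorized-p (handler session)
  (:documentation "Authorization: may this authenticated user use HANDLER?")
  ;; Fail closed: a handler with no applicable rule denies access.
  (:method ((handler t) session) (declare (ignore session)) nil)
  ;; Simple rule from the thread: any logged-in user is allowed.
  (:method ((handler page-handler) session) (authenticated-p session))
  ;; Fuller rule: logged in AND holding the :admin role.
  (:method ((handler admin-page-handler) session)
    (and (call-next-method)
         (member :admin (session-roles session))
         t)))

(defun gate (handler session)
  "Return :LOGIN, :FORBIDDEN or :OK; the caller maps these to a redirect
to the login page, a refusal, or the normal response."
  (cond ((not (authenticated-p session)) :login)
        ((not (authorized-p handler session)) :forbidden)
        (t :ok)))

;; Constructed sample sessions and handlers.
(let ((anon nil)
      (user (make-session :user "joe" :roles '(:member)))
      (admin (make-session :user "ann" :roles '(:member :admin)))
      (page (make-instance 'page-handler))
      (admin-page (make-instance 'admin-page-handler)))
  (assert (eq (gate page anon) :login))
  (assert (eq (gate page user) :ok))
  (assert (eq (gate admin-page anon) :login))
  (assert (eq (gate admin-page user) :forbidden))
  (assert (eq (gate admin-page admin) :ok)))
```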