
hopefully this idea will go down a bit better 🙂


Hi all, I am trying to figure out how :access-control works. I have not had success yet. I have read the security chapter in the yada manual, but I guess I am doing something wrong here. I'd appreciate any help I can get on this. Here is my resource.

(defn hello-routes []
  ["/hello" (yada/resource  {:id          :test-resource/hello
                             :description "Says Hello!"
                             :produces    "text/plain"
                             :access-control {:realm "accounts"
                                              :scheme "Basic"
                                              :verify (fn [[user password]]
                                                          (println "Verify function invoked"))}
                             :methods {:get {:response "Hello world!!!\n"}}})])
But that verify function never gets invoked.

Rachel Westmacott 13:11:19

you might need an :authorization key in the :access-control map

Rachel Westmacott 13:11:54

from memory when I used access-control I found that authentication and authorization seemed to be in syzygy


Thanks for the response. This is the hello-world resource from the edge app on GitHub. For some reason the call to /hello goes through. I was expecting it to return an HTTP 401.


one thing is that "Basic" is implemented like this


which means that verify is only called if there are credentials passed in the Authorization request header


I was not passing anything and the request went through to the resource 🙂. I will try to set some in the header.


now, this is not like the way most web frameworks do it - as @peterwestmacott rightly points out, you need to add an :authorization entry


Authentication by itself will not cause a 401 Unauthorized error status


Thanks much for the response, trying that now.


I've just posted a snippet from a previous conversation on slack which might throw some light on the design


Awesome! working now. Thanks much for all the help @malcolmsparks and @peterwestmacott

(defn hello-routes []
  ["/hello" (yada/resource  {:id          :test-resource/hello
                             :description "Says Hello!"
                             :produces    "text/plain"
                             :access-control {:authorization {:methods {:get :Some-Permission-Name}}
                                              :realm "edgetest"
                                              :scheme "Basic"
                                              :verify (fn [[user password]] (println "Verify function invoked") nil)}
                             :methods {:get {:response "Hello world!!!\n"}}})])