This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2016-11-15
Hi all, I am trying to figure out how :access-control works. Have not had success yet. I have read the security chapter in the yada manual, but I guess I am doing something wrong here. Appreciate any help I can get on this.
Here is my resource.
(defn hello-routes []
  ["/hello" (yada/resource {:id :test-resource/hello
                            :description "Says Hello!"
                            :produces "text/plain"
                            :access-control {:realm "accounts"
                                             :scheme "Basic"
                                             :verify (fn [[user password]]
                                                       (println "Verify function invoked")
                                                       nil)}
                            :methods {:get {:response "Hello world!!!\n"}}})])
But that verify function never gets invoked.
you might need an :authorization key in the :access-control map
from memory when I used access-control I found that authentication and authorization seemed to be in syzygy
@rajdevireddy that looks OK to me
Thanks for the response. This is the hello-world resource from the edge app on GitHub. For some reason the call to /hello goes through. I was expecting it to return an HTTP 401.
one thing is that "Basic" is implemented like this
which means that verify is only called if there are credentials passed in the Authorization request header
I was not passing anything and the request went through to the resource 🙂. I will try to set some in the header.
now, this is not like the way most web frameworks do it - as @peterwestmacott rightly points out, you need to add an :authorization entry
Authentication by itself will not cause a 401 Unauthorized error status
Thanks much for the response, trying that now.
I've just posted a snippet from a previous conversation on slack which might throw some light on the design
Awesome! working now. Thanks much for all the help @malcolmsparks and @peterwestmacott
(defn hello-routes []
  ["/hello" (yada/resource {:id :test-resource/hello
                            :description "Says Hello!"
                            :produces "text/plain"
                            :access-control
                            {:authorization {:methods {:get :Some-Permission-Name}}
                             :realm "edgetest"
                             :scheme "Basic"
                             :verify (fn [[user password]] (println "Verify function invoked") nil)}
                            :methods
                            {:get {:response "Hello world!!!\n"}}})])