Anybody know of a session based authentication framework for hunchentoot (not http auth) ? Preferably one that wraps around your dispatchers in a transparent manner. I can't be the only one who needs this, and if there are no established library for this I'ld be happy to hear about any other efforts.
-a
authentication framework for hunchentoot ?
Re: authentication framework for hunchentoot ?
I don't think there is one, but the hunchentoot mailing list may know different.
http://common-lisp.net/cgi-bin/mailman/ ... tbnl-devel
I wrote my own, but it's not something that could be teased out into a separate module since authentication can be performed in so many different ways.
There are a few hunchentoot functions that can make the process easier: require-authorization and authorization. And hunchentoot includes a test showing how they can be used.
http://common-lisp.net/cgi-bin/mailman/ ... tbnl-devel
I wrote my own, but it's not something that could be teased out into a separate module since authentication can be performed in so many different ways.
There are a few hunchentoot functions that can make the process easier: require-authorization and authorization. And hunchentoot includes a test showing how they can be used.
Re: authentication framework for hunchentoot ?
Likewise, I've written my own; I could probably extract it for you if you'd like, but they're not too hard to write.
I call on Hunchentoot's built-in session handling, and use that session identifier as the primary key/slot in a Postmodern DAO. I check for an existing session with that primary key and either use the object returned by Postmodern if it exists, or create and persist a new one if it doesn't. Naturally, the object also has a few other slots, for attributes such as name and address.
It's actually part of a library/framework that I've been meaning to open-source for quite a while, but have never been happy with the degree of polish.
I call on Hunchentoot's built-in session handling, and use that session identifier as the primary key/slot in a Postmodern DAO. I check for an existing session with that primary key and either use the object returned by Postmodern if it exists, or create and persist a new one if it doesn't. Naturally, the object also has a few other slots, for attributes such as name and address.
It's actually part of a library/framework that I've been meaning to open-source for quite a while, but have never been happy with the degree of polish.