This example defines users, groups, and realms within the basic authentication scheme for HTTP. Read the code below before trying this examples so that you will know the necessary users, passwords, and groups.
The above example is defined in
http:examples;exports.lisp by the following LISP code:
(in-package :http-user)
;; Call DEFINE-ACCESS-CONTROL-REALMS in your configuration.lisp file.
;; ADD-REALM is used here to avoid clobbering existing authentication realms
(add-realm :minimum-security :basic)
(add-realm :system-admin :basic)
;; Some groups within realms must be created before references are made to
;; them in user objects.
(add-groups :minimum-security :users :developers)
(add-group :system-admin :system-hackers)
;; Set up a number of users, assigning realms and groups
(add-user "ernest" :minimum-security
:password "ernest-foo"
:groups '(:users)
:personal-name "Ernest Jones"
:email-address "ernest@foo.com")
(add-user "jim" :minimum-security
:password "jim-foo"
:groups '(:developers :users)
:personal-name "Jim Thompson"
:email-address "jim@foo.com")
(add-user "frank" :minimum-security
:password "frank-foo"
:groups '(:developers :users)
:personal-name "Frank Smith"
:email-address "frank@foo.com")
(add-user "luke" :system-admin
:password "luke-foo"
:groups '(:system-hackers)
:personal-name "Luke Miller"
:email-address "luke@foo.com")
;; Define some capabilities
;; A set of capabilities giving the :developers group basic access
(add-access-control-group :minimum-security-developers
:minimum-security
:capabilities '((:get :developers)
(:head :developers)
(:post :developers)))
;; A set of capabilities allowing anyone named "frank" to do everything but delete or unlink.
(add-access-control-group :minimum-security-frank-capabilities
:minimum-security
:capabilities '((:delete) ;frank can't delete URLs
(:default "frank")))
;; Export some access-controlled urls
(export-url #u"/cl-http/authentication/minimum.html"
:html-computed
:response-function #'display-url-authentication-status
:authentication-realm :minimum-security
:capabilities nil ;;no capabilities means anyone in the realm has access
:expiration '(:no-expiration-header)
:keywords '(:cl-http :authentication :demo))
(export-url #u"/cl-http/authentication/minimum-developers.html"
:html-computed
:response-function #'display-url-authentication-status
:authentication-realm :minimum-security
;; the keyword denotes a access-control group created earlier
:capabilities :minimum-security-developers
:expiration '(:no-expiration-header)
:keywords '(:cl-http :authentication :demo))
(export-url #u"/cl-http/authentication/minimum-frank.html"
:html-computed
:response-function #'display-url-authentication-status
:authentication-realm :minimum-security
;; the keyword denotes a access-control group created earlier
:capabilities :minimum-security-frank-capabilities
:expiration '(:no-expiration-header)
:keywords '(:cl-http :authentication :demo))
(export-url #u"/cl-http/authentication/system-hackers.html"
:html-computed
:response-function #'display-url-authentication-status
:authentication-realm :system-admin
;; Method capabilties suitable for add-access-control-group are
;; passed in directly.
:capabilities '((:default :system-hackers)) ;;system-hackers do everything
:expiration '(:no-expiration-header)
:keywords '(:cl-http :authentication :demo))
Back to CL-HTTP Authentication