1. No, you have to provide it (as a non-protected route, obviously). 2. The order in which you apply the handler/site and friend/authenticate middlewares is reversed: friend needs the session (and others), so it should come "after" (or rather "within") the handler/site to work properly (in execution order).
On Wednesday, 6 August 2014, Jonathon McKitrick <[email protected]> wrote: > First, the code: > > (ns pts.server > (:use [compojure.core]) > (:require [ring.adapter.jetty :as jetty] > [ring.util.response :as response] > [compojure.handler :as handler] > [compojure.route :as route] > [cemerick.friend :as friend] > (cemerick.friend [workflows :as workflows] > [credentials :as creds]))) > > (defroutes www-routes > (GET "/locked" [] (friend/authorize #{::admin} "Admin only")) > (GET "/home" [] (response/file-response "home.html" {:root > "resources/public"})) > (GET "/login" [] (response/file-response "login.html" {:root > "resources/public"})) > (GET "/" [] (response/redirect "index.html")) > (route/resources "/") > (route/not-found "Not Found")) > > (def app (handler/site www-routes)) > > (def users {"root" {:username "root" > :password (creds/hash-bcrypt "toor") > :roles #{::admin}}}) > > (def secure-app > (-> app > (friend/authenticate {:unauthorized-handler #(response/status > (response/response "NO") 401) > :credential-fn (partial > creds/bcrypt-credential-fn users) > :workflows [(workflows/interactive-form)]}))) > > (defn -main [& args] > (let [port (Integer/parseInt (get (System/getenv) "PORT" "3000"))] > (jetty/run-jetty secure-app {:port port :join? false}))) > > It's dead simple, but 2 major things are not working. > > 1. The POST to /login to submit the login form gives a 404 Not Found. > Isn't the POST handler part of the friend/authenticate middleware? > 2. Attempts to access the /locked URL throw an exception and a > stacktrace, rather than calling the unauthorized handler: > throw+: {:cemerick.friend/required-roles #{:pts.server/admin}, > :cemerick.friend/exprs ["Admin only"], :cemerick.friend/type :unauthorized, > :cemerick.friend/identity nil} > > What am I doing wrong here? > > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');> > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > [email protected] > <javascript:_e(%7B%7D,'cvml','clojure%[email protected]');> > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <javascript:_e(%7B%7D,'cvml','clojure%[email protected]');>. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to [email protected] Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
