Sounds like you've got some of this working smoothly already, so
apologies in advance if any of this is redundant.

Regarding database roles, the way I have it working in one of my simpler
apps with the default interactive form workflow is to set the
credential-fn in the workflow configuration to something like this:

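;; creds is the alias for cemerick.friend.credentials; users is the app's
;; own namespace that provides get-user-creds.
(defn verify-credentials
  [creds]
  (let [valid-user (creds/bcrypt-credential-fn users/get-user-creds creds)]
    ;; other app-specific logic ...
    valid-user)) ; finally, returns the valid-user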

My get-user-creds function is what queries the database and returns the
user info, including roles, formatted for use in friend's identity map.
In this case the roles are simply a column in the db, but of course
this can be anything as long as you end up with something that looks the
same as the map described in the friend docs (a little further down from
here: https://github.com/cemerick/friend#httpfriend-demoherokuappcom).

The password is checked using bcrypt-credential-fn (obviously you can
substitute this with a different function if you so desire) which
returns either nil or the user-record with the password stripped out.

https://github.com/cemerick/friend/blob/master/src/cemerick/friend/credentials.clj#L20

It then is returned to the interactive-form workflow, which loads it up
into friend's identity map to be stored in the session and used for
role-based authorization checks from that point forward.

https://github.com/cemerick/friend/blob/master/src/cemerick/friend/workflows.clj#L80

As far as actually storing the roles in the database, they are simply a
stringified set of namespace-qualified keywords, like so:

#{:my-app-ns/user}
#{:my-app-ns/admin :my-app-ns/some-other-role}

etc.

I hope this helps, definitely let me know if I didn't answer one of your
questions.

And I'm very happy to hear the tutorial helped you get going, by the way!

DD


(2013/11/17 18:50), wm.mark....@gmail.com wrote:
> Hello,
> 
> As a long-time Java web developer, I've now been doing clojure for a few
> days so there's a lot I don't get yet, but I do have an end-to-end
> working Compojure web application with a UI, JSON web services, and
> working form-based authentication using Friend - originally using the
> in-memory users 'database' from the demos.
> 
> So what I am doing now is trying to get user name and password
> validation going against a database table.
> 
> I actually managed to get this integrated and working as a Friend
> credential-fn.
> 
> The state my application is in right now is that username and password
> combinations are properly validated against my database table. So I can
> authenticate, or not, correctly.
> 
> The only piece that is not yet working is to get role authorisations
> working according to the roles in my database table.
> 
> I just can't see how I'm supposed to map one or more namespaced roles to
> either a "roles" column value, or a roles join table in the database. 
> 
> The examples for Friend show roles like "::admin", "::user", and I use
> similar roles from more than one namespace - so what should I persist in
> the database to load those roles via my credential-fn, and how should I
> populate the :roles property from the result-set?
> 
> I feel like I'm really close to getting this fully working, but I've hit
> a road-block so any pointers would be greatly appreciated.
> 
> Regards,
> 
> -M.
> 
> PS
> 
> This tutorial was very helpful, so thanks to @ddellacosta
> 
> [1] https://github.com/ddellacosta/friend-interactive-form-tutorial
> 
> -- 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clojure@googlegroups.com
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> clojure+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to clojure+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
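
An added example, not part of the original thread or of friend's own code: one way to turn the stringified roles column described in the reply back into the set friend expects in :roles. The namespace example.roles, the in-memory users-table standing in for the database query, the sample users and passwords, and the parse-roles helper are assumptions made for illustration.

```clojure
(ns example.roles
  (:require [clojure.edn :as edn]
            [cemerick.friend.credentials :as creds]))

;; Constructed sample rows standing in for the users table. The roles column
;; holds the output of (pr-str #{...}), as described in the reply.
(def users-table
  {"alice" {:username "alice"
            :password (creds/hash-bcrypt "alice-pw")
            :roles    "#{:my-app-ns/admin :my-app-ns/some-other-role}"}
   "bob"   {:username "bob"
            :password (creds/hash-bcrypt "bob-pw")
            :roles    "#{:my-app-ns/user}"}
   ;; Malformed column value: must not grant any role.
   "carol" {:username "carol"
            :password (creds/hash-bcrypt "carol-pw")
            :roles    "my-app-ns/admin"}})

(defn parse-roles
  "Parses the roles column into a set of namespace-qualified keywords.
  Uses clojure.edn/read-string, which reads data only; clojure.core/read-string
  can evaluate code while reading and should not be fed stored text.
  Anything that is not a set of qualified keywords yields the empty set."
  [s]
  (let [v (try (edn/read-string s)
               (catch Exception _ nil))]
    (if (and (set? v)
             (every? #(and (keyword? %) (namespace %)) v))
      v
      #{})))

(defn get-user-creds
  "Returns the user record for username with :roles as a set, or nil."
  [username]
  (when-let [row (get users-table username)]
    (update-in row [:roles] parse-roles)))

(defn verify-credentials
  "credential-fn for the interactive-form workflow: returns the user record
  without :password when the password matches, nil otherwise."
  [login]
  (creds/bcrypt-credential-fn get-user-creds login))

(comment
  (verify-credentials {:username "alice" :password "alice-pw"})
  (verify-credentials {:username "alice" :password "wrong"})
  (verify-credentials {:username "carol" :password "carol-pw"}))
```

Writing the column is the reverse step: (pr-str roles) on the same set produces the stored string.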
