Johan
Reputation: 40618
Exclude route from authentication in Compojure with friend?
I'm protecting a couple of HTTP routes created with compojure by basic authentication using the friend library. It looks something like this:
(defroutes my-routes
(context "/ctx" []
(GET "/x" [] ...)
(GET "/y" [] ...)
(GET "/z" [] ...)))
(let [friend-auth-cfg {:allow-anon? false
:unauthenticated-handler #(workflows/http-basic-deny "Unauthorized" %)
:workflows [(workflows/http-basic
:credential-fn #(creds/bcrypt-credential-fn {"username" {:password (creds/hash-bcrypt "password")}} %)
:realm "My realm")]}
my-route (-> (wrap-defaults my-routes api-defaults)
(friend/authenticate friend-auth-cfg))]
(run-jetty (routes my-route)))
What I'd like to do is to exclude the "y" route (/ctx/y) from being protected by basic authentication (but x and z should still be protected). How can I achieve that?
Upvotes: 0
Views: 172
Answers (1)
Johan
Reputation: 40618
I ended up splitting "my-routes" into two parts:
(defroutes protected-routes
(context "/ctx" []
(GET "/x" [] ...)
(GET "/z" [] ...)))
and:
(defroutes unprotected-routes
(GET "/ctx/y" [] ...))
And only apply the friend/authenticate middleware to the protected-routes and merging them together like this in the end:
(run-jetty (routes my-route))
Upvotes: 3
Related Questions
- Why do I get java.lang.exception unrecognized body on routes with friend/authenticated as a wrapper?
- Ignoring authentication in unit tests in Clojure web app using Friend?
- How to authenticate a subset of routes in ring application?
- Compojure: access basic-authentication vars in route processing
- basic http auth in Clojure/Friend
- Log in with Friend, from the server side?
- Use Friend for authentication and authorisation in a single page Clojure web application
- Friend authentication empty param
- Use JSON request body rather than request parameters for Friend authentication in a Clojure Web Application
- How to use friend with compojure?