Phil Marneweck haragx@gmail.com writes:

Is there a way to in hunchentoot to protect static files from unauthorized downloads. When I talk about static files I mean files with static handlers in hunchentoot.

You can use your own dispatch functions to do authorization. So you can do something like:

(defun authorized-dispatcher (dispatch-fn authorized-p) (lambda (request) (when (funcall authorized-p) (funcall dispatch-fn request))))

(defun role (&rest roles) (lambda () (let ((user-roles (session-value :roles))) (dolist (role roles) (when (find role user-roles :test #'eq) (return t))))))

(setf *dispatch-table* (list .... (authorized-dispatcher (create-static-file-dispatcher-and-handler "/foo.txt" "/srv/foo.txt") (role :operator :root)) ....))

Nico