5
votes

I have been searching for a nice way to leverage the integrated security of existing servlet containers in Ring web applications. It looks like people are trying to reinvent the wheel out there with their own Ring middleware to handle authentication/authorization.

I would like to see something like a ring middleware exposing realm configurations and some security constraints. Something like:

(def web-app
  (wrap-security-constraints [{:transport :confidential}] ; require SSL
    (wrap-security-auth [{:pattern "/*" 
                          :type "form"
                          :ext-form-url "/login" 
                          :realm "users-realm"}]
       app-handler)))

And then a macro to wrap handlers that allows restricting them to some role:

(defroutes app-handler
  (GET "/admin" [] 
     (wrap-allowed-roles ["admin-role"]
       (controllers/do-admin)))
  ;... and so on ...
  )

Thinking about a lein-ring extension here.

Is there anything like this out there? Google search is not helping here.

1 Answer

0
votes

There is ring-basic-authentication for basic authentication. In a servlet context you can always fall back to the authentication and authorization handling of the servlet engine. For this you can use leiningen-war to create a web archive and declare the security constraints in a web.xml.