Tóth István Zoltán
08/16/2022, 4:06 AM
static { ... }?
What I would like to do:
• user A can access files from ./a folder
• user B can access files from ./a and ./b folders
Authentication is done in a very different part of the application. I wouldn't touch that if there is a way. Actually, I shouldn't touch that as authentication and authorisation are two different topics.
As I see, my only option right now is to write (i.e. cut&paste from Ktor) my own handling of static resources and add the authorisation.
Are there any better options? Thanks in advance.
Andreas Scheja
08/16/2022, 6:33 AM
    routing {
        route("/assets") {
            static {
                files("./a")
            }
            route("/protected") {
                intercept(ApplicationCallPipeline.Call) {
                    if (!call.user.isAllowedToAccessProtectedResources) return@intercept call.respond(HttpStatusCode.Forbidden)
                    proceed()
                }
                static {
                    files("./b")
                }
            }
        }
    }
Tóth István Zoltán
08/16/2022, 8:14 AM
call.respond(...) generates an error because there is a session cookie and the response is already closed when Ktor tries to add the cookie:
2022-08-16 10:54:51.228 [eventLoopGroupProxy-4-1 ] ERROR ktor.application - 403 Forbidden: GET - /api/content/en/development/Todo.md
java.lang.UnsupportedOperationException: Headers can no longer be set because response was already completed
at io.ktor.server.netty.http1.NettyHttp1ApplicationResponse$headers$1.engineAppendHeader(NettyHttp1ApplicationResponse.kt:42)
at io.ktor.response.ResponseHeaders.append(ResponseHeaders.kt:47)
I replaced it with an unauthorized expression thrown and now it works quite OK. Thanks for the help.
Arnab
08/16/2022, 11:28 AM