Posts Tagged ‘hunchentoot’

Common Lisp Hunchentoot Quicklisp on Ubuntu Server @ Rackspace VM

November 22, 2016

So after six years I finally get round to revisiting this subject, a lot has changed over the years, but not much either, the basics are still the same.

So you want your own lisp web server to hack away at but where do you start? Well don’t despair, what follows is a recipe for getting such a server running in no time.


So I am using Rackspace servers a bit like you would partition your favourite linux install. We are going to store data on one Rackspace volume, have the live data on another and use a different volume for the server. The basic idea is that you can disconnect your data volumes, spin up a new server and reconnect them if you should need to. This way you can also choose which volumes you need as SSD and which not.

You can find a lot of good “how to” stuff on Rackspace at



WFX (CL web widgets) – Update

July 23, 2013

So I have not blogged for ages (more than a year, eish it feels like yesterday!), yeah I know it is bad form, but I have been busy. Well its a good excuse, if it means that some existing open source libs where updated and some new ones got birthed.

WFX a widget framework based on hunchentoot and cl-who has been receiving some much needed TLC. It now boasts an ajax grid and a lot of other basic widgets like linked drop downs etc.

Yes we have an ajax enabled acceptor with some functions to make using ajax simpler.

WFX also got some base widgets to help with integrating to html templates bought of the web, so now its easier to integrate that kewl admin template you got for a steel.

The changes have not been merged with the master branch because I am upgrading all my commercial sites with the changes first to make sure that what gets merged into the master is solid.

Yeah I should have kept my trap shut until all the changes where in master but I got excited because WFX will be easier to use now because a lot of the foot work has been done for you.

To make our lives even simpler there is dx-starter-site to help you kick start a site with security etc. but that needs some more work. The big question is do I add db support straight into it because we use xdb2 as our db for everything and I don’t know if that is what people would want. The idea with dx-strater site is that it should contain all the basics you need to start straight in with a web application instead having to do boring logins and other stuff to use out of the box.

If you are curious about the changes to WFX you can have a look at the expand-func branch.

Facebook with Hunchentoot and OAuth2

June 28, 2012

This is a quick and dirty to see how you can access Facebook stuff from Hunchentoot.

You will need Hunchentoot, Drakma, cl-who and cl-json to run this code. All of them can be gotten with Quicklisp.

You will also need a valid domain that points to localhost to test this code on your local machine. I just set up a subdomain on one of my servers that points to If you don’t have access to your own domain server use or something like it. What ever domain you decide on remember to set the site url in your Facebook app settings to the same domain.

When you want to access Facebook resources you need an access token and to get an access token you have to take the user to a facebook page that asks the user to log in and to give access to your app. Once the user has given access or denied access facebook redirects the user back to the callback uri that you specified, bringing them back to your web page.

If you look at the code you will see that we first get an access code from /dialog/oauth and then a token from /oauth/access_token, this is because we are using response_type=code. The reason we don’t use response_type=access_token is because what Facebook returns can’t be accessed by hunchentoot only javascript can get hold of the stuff after the # that is returned where you would expect a querystring.

Once we have an access token we fetch trivial data form Facebook for the user that authenticated.

The following code is not pretty but it is as short as I could get it without confusing the issues at hand.

There are various OAuth implementations for Common Lisp but if you are reading this you might have struggled with those and hopefully this code will help to clarify what is going on in those more involved implemetations of OAuth. (And none of them had Facebook examples that I could find.)

(define-easy-handler (callback :uri "/callback") ()
  (if (not (parameter "code"))
    (with-html-output-to-string (*standard-output*)
      ;;Clicking on this link will get you an access code, if the user approves.
      (:a :href "
               (str "Go Facebooking")))
    (multiple-value-bind (body status)
        ;;Use the access code to get a access token.
         (format nil "
                 (parameter "code")))

      ;;Check if all was well.
      (if (equal status 200)
          (let* ((querystring (split-string body #\&))
                 (access-token (split-string (first querystring) #\=))
                 ;;(expiry (split-string (second querystring) #\=))

            ;;Fetch something interesting with your access token.
            (multiple-value-bind (bodyx)
                 (format nil "" 
                         (second access-token)))
                (format nil "~A" (json::decode-json-from-string bodyx))))
          (format nil "Something went wrong:~%~A"
                  (json::decode-json-from-string body))))))

(defun split-string (string char)
    "Returns a list of substrings of string divided by char."
    (loop for i = 0 then (1+ j)
          as j = (position char string :start i)
          collect (subseq string i j)
          while j))

WFX, XDB2 – Open sourced

June 15, 2012

Most of what I do is web based systems in Common Lisp using Hunchentoot. Over time me and some of my collueges have created one or two packages to help us with this type of development. Some of these we always wanted to open source but never got round to it because we have not had the time to do decent documentation (something of a pet pieve of mine).

However we came to a point where we felt that despite the lack of documentation these packages would be of use to other lispers, so we took the plunge and opened up WFX and XDB2 to the public. Both have a BSD 2 clause license so what and how you do anything with them is your problem.

WFX is a widget framework written for use with Hunchentoot.

XDB2 is a collection of interfaces that you can use as a in memory persistable transaction log with snapshots.

(As time permits I will blog more about these packages, but don’t hold your breath, time has been in short supply this year so far.)

Hunchentoot 1.2.1 Gotcha

November 15, 2011

So you have been running hunchentoot for ages and got your grubby paws on 1.2.1 (most likely from but now your sites are throwing stuff like the following at you:

[2011-11-15 22:17:15 [INFO]] No session for session identifier ‘2:9CA87E6B20EE1E45F2637A82CD267198’ (User-Agent: ‘Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1’, IP: ‘’) – [2011-11-15 22:17:15] “GET /index HTTP/1.1” 404 184 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1”

Well don’t dispair, you need to change the instances of hunchentoot:acceptor you create to start hunchentoot to hunchentoot:easy-acceptor. This is because all those funky create-*-dispatcher[-*] functions (used by define-easy-handler and maybe you directly) now belong to the “easy-handler framework”.

(Thanx H4ns for pointing that out.)

Hunchentoot Webserver and Application Security

December 22, 2010

I had the opportunity to have the security of the Hunchentoot lisp web server set-up, from the previous post, and a web application using Hunchentoot reviewed by a reputable firm. In short this is what they had to say:

“it would appear that the server administrators should be commended for their network-level hardening of the target system”

Its not a hundred percent clean bill of health because only automated testing was used with some manual interventions to validate the auto testing.


Lisp Web Server From Scratch using Hunchentoot and Nginx

November 9, 2010

**************************I tried my setup on Ubuntu 13.10 server and had some issues so I decided to update this article, unfortunately I dont have the time to rewrite it so I am just hacking the bits that where issues on Ubuntu 13.10**********************

So you want your own lisp web server to hack away at but where do you start? Well don’t despair, what follows is a recipe for getting such a server running in no time. (Don’t worry you won’t be coding it from scratch you will be building it with a “software lego” set.)

Much of what you will see here was taken from different websites especially these two great articles and These articles do a better job of explaining what is afoot than my posting here. Please do go to these articles and show your appreciation for the hard work that went into them by leaving a comment.

All that I am doing is giving you an A to Z recipe in one place to get you going.

There are a lot of good articles in the slicehost articles collection as well that are worth a read on their own if you want to understand more about the iptables and stuff.


Hunchentoot & Postmodern Quicky

February 23, 2009

I have only been using hunchentoot and lisp seriously for a few months. I AM NO expert in lisp or hunchentoot so please feel free to correct and/or chastize me regarding anything in this little piece.

Firstly get everything you need installed! (Script to follow one day…)

The example website uses hunchentoot 1.0 and postmodern, I tried to include a variety of features that you would find on a average website, stuff like style sheets, javascript, images, some db integration and of course a kewl “made with lisp” logo from

The example has 2 pages for now, a login and home page with all the user and roles plumbing needed. The roles and user stuff comes form a postgresql database and we use postmodern to get to it. In a follow up piece I will add a biographical screen, displaying the data in a grid with all its parafinalia (editing, paging, search etc).

This piece is not for absolute newbie’s but for some one that has the basics of lisp and just wants to see hunchentoot and postmodern in action together.

For now I am only adding the code needed. I will keep on hacking away at it till it looks more like a tutorial.