Lennart Regebro wrote:
Tres Seaver wrote:
Here is what I just did:
1. Created a folder, 'pas_test' in the root of my Zope, with a minimal 'index_html'.
2. Changed its security settings, removing "acquire" from the "View" permission and granting "View" to "Manager" and "Owner".
3. Verified that I could not view the folder as anonymous (got an HTTP basic auth challenge).
4. Added a PluggableAuthService, with the following plugins (all interfaces activated for each plugin):
- 'basic_auth', an HTTPBasicAuthHelper
- 'zodb_users', a ZODBUserManager
- 'zodb_roles', a ZODBRoleManager
5. In 'zodb_users', created a new user, 'tseaver'.
6. In 'zodb_roles', granted the "Owner" role to 'tseaver'.
7. Reloaded the anonymous window, got challenged, entered 'tseaver' and the password, and saw the page.
OK, thanks, this is what I discovered after doing this:
1. After I do all your stuff above, when I remove the HTTPBasicAuthHelper everything still works. I can still log in, even though there is no credential extractor active. That makes no sense.
I think there is a "fallback" for the case when no other plugin is registered.
2. After I create my plugin, it still gets no calls...
Hmm, can you trace through the 'validate' method of the PAS? It tends to suppress exceptions raised by plugins (so that a broken one doesn't lock you out).
However, BasicAuthentication stops working.
Right, that would fit with my "fallback" memory.
So now at least I know that PAS is involved in what happens.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com