On Tue, 2003-03-04 at 13:03, Dieter Maurer wrote:
Andrew Altepeter wrote at 2003-3-4 09:05 -0600:
I am working on integrating zope into the single sign-on auth. server we have. To do so, I started with the cookie_validate method in exUserFolder, modified it to suit, and placed it in my custom userFolder class.
Ok, so it is working great if you go to a page that requires authentication. However, I have noticed a few quirky happenings here, and maybe you guys can help me out.
Sometimes, if I authenticate through the sso, and try to access an object my user object doesn't have access to, I am sent a 401 Unauthorized with a Basic login window. This is not what I want!
If the user is logged in, but doesn't have access, I want to return a 'no access' page, and if the user is not logged in, then I want to redirect to the sso.
UserFolders usually ensure this by overriding the "unauthorized" method of the RESPONSE object.
Have a look at CookieCrumbler (as an example).
Ok, I see. It seems that exUserFolder is an incomplete product then, since it does not override the unauthorized method. As such, it cannot prevent Basic auth's from slipping through unannounced...?
__________
Looking in CookieCrumbler.py, I see that the __call__ method replaces the response.unauth methods. But when I try to do that, I get a complaint from zope:

      File "/usr/local/Zope/lib/python/ZPublisher/HTTPResponse.py", line 662, in exception
        self._unauthorized()
    TypeError: unbound Python method must be called with PortalUserFolder 1st argument

----------
To replace the unauth methods, I do the following:
In Products/PortalUserFolder/__init__.py, I do the following:

    from ZPublisher.HTTPResponse import HTTPResponse
    from PortalUserFolder import PortalUserFolder

    #patch the HTTPResponse object's unauth code
    HTTPResponse.old__unauthorized = HTTPResponse._unauthorized
    HTTPResponse._unauthorized = PortalUserFolder._unauthorized

    HTTPResponse.old_unauthorized = HTTPResponse.unauthorized
    HTTPResponse.unauthorized = PortalUserFolder.unauthorized

Well, this doesn't seem to work. What am I doing wrong?

Thanks for all the help,
Andy
Dieter
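
Added example, not part of the thread and not Zope or exUserFolder code: a sketch of the per-request approach the message attributes to CookieCrumbler's __call__, where a hook bound to the user folder instance is set on each response object rather than on the HTTPResponse class. StubResponse, SSOUserFolder, the sso_user request key and the SSO URL are hypothetical stand-ins.

```python
from functools import partial
from urllib.parse import quote

SSO_LOGIN_URL = "https://sso.example.invalid/login"  # constructed placeholder


class StubResponse:
    """Stand-in response; its default unauthorized() asks for Basic auth."""

    def __init__(self):
        self.status = 200
        self.headers = {}
        self.body = ""

    def unauthorized(self):
        self.status = 401
        self.headers["WWW-Authenticate"] = 'basic realm="Zope"'


class SSOUserFolder:
    """Hypothetical user folder that owns the 'access denied' decision."""

    def install_hooks(self, request, response):
        # Set the hook on this one response instance, already bound to the
        # folder and the current request, so no class-level patch is needed.
        response.unauthorized = partial(self.unauthorized, request, response)

    def unauthorized(self, request, response):
        # Never let a Basic challenge reach the browser.
        response.headers.pop("WWW-Authenticate", None)
        if request.get("sso_user"):
            # Authenticated through SSO but not permitted: 'no access' page.
            response.status = 403
            response.body = "no access"
        else:
            # Not logged in: send the browser to the SSO server.
            response.status = 302
            target = quote(request["URL"], safe="")
            response.headers["Location"] = SSO_LOGIN_URL + "?came_from=" + target


def deny(request, hooked=True):
    """Simulate the publisher refusing access; return the resulting response."""
    response = StubResponse()
    if hooked:
        SSOUserFolder().install_hooks(request, response)
    response.unauthorized()
    return response
```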