On 10 Feb 1999, Andrew Snare wrote:
It would appear when doing user authentication that ZServer doesn't include a Www-Authenticate header in the 401 response, meaning that (amongst other things) that __bobo_realm__ isn't passed on to the browser.
I bet I know what's going on here... ZServer probably raises an Unauthorized exception and this causes it to skip the code that puts the WWW-authenticate in the headers. I found this after running into a similar problem with Bobo (my realm wasn't getting set, which I needed). I was raising an Unauthorized exception in my validation method (the method that gets called to authenticate the users). The exception isn't caught by the code in ZPublisher.Publish (see below) and passes right through to the response code (in ZPublisher.Response). If this is the problem, a temporary fix might be to wrap the call to the validation in a try: except 'Unauthorized': ... check out lines 520-536 in ZPublisher.Publish. I would submit a patch, but I haven't had time to see if this would break anything else. The validate method gets called at line 520: else: user=v(request, auth, roles) ^-the validate method On line 535-536 is where the method gets called (self.unauthorized()) which puts the WWW-authenticate in the header... if user is None and roles != UNSPECIFIED_ROLES: self.unauthorized(realm,debug_mode) Hope this helps, --- John Eikenberry [jae@kavi.com - http://taos.kavi.com/~jae/] ______________________________________________________________ "A society that will trade a little liberty for a little order will deserve neither and lose both." --B. Franklin