Why am I getting this on my zope 2.8.5?? 2006-07-27 10:34:07 ERROR Zope.SiteErrorLog http://localhost:8080/test/Real/MoreStatistics/index_html Traceback (most recent call last): File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/Publish.py", line 104, in publish object=request.traverse(path, validated_hook=validated_hook) File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/BaseRequest.py", line 461, in traverse response.unauthorized() File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/HTTPResponse.py", line 685, in unauthorized raise Unauthorized, m Unauthorized: <strong>You are not authorized to access this resource.</strong><p> Username and password are not correct. If I try to reach the Control_Panel and hit Esc when the login popup appears I get a proper VerboseSecurity. The method MoreStatistics/index_html is defined like this:: class MoreStatistics(...): blabla # set security on things after security = ClassSecurityInfo() # VIEW_PERMISSION = 'View' security.declareProtected(VIEW_PERMISSION, 'index_html') security.apply(MoreStatistics) InitializeClass(MoreStatistics) Does anybody know why some and not other Unauthorized exceptions are trapped through VerboseSecurity -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com
Peter Bengtsson wrote at 2006-7-27 10:51 +0100:
Why am I getting this on my zope 2.8.5??
2006-07-27 10:34:07 ERROR Zope.SiteErrorLog http://localhost:8080/test/Real/MoreStatistics/index_html Traceback (most recent call last): File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/Publish.py", line 104, in publish object=request.traverse(path, validated_hook=validated_hook) File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/BaseRequest.py", line 461, in traverse response.unauthorized() File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/HTTPResponse.py", line 685, in unauthorized raise Unauthorized, m Unauthorized: <strong>You are not authorized to access this resource.</strong><p> Username and password are not correct.
This "Unauthorized" is not generated by Zope security mechanism but by the ZPublisher. Apparently, "VerboseSecurity" does not hook in the ZPublisher. -- Dieter
On Thursday 27 July à 20:10, Dieter Maurer wrote:
Peter Bengtsson wrote at 2006-7-27 10:51 +0100:
Why am I getting this on my zope 2.8.5??
2006-07-27 10:34:07 ERROR Zope.SiteErrorLog http://localhost:8080/test/Real/MoreStatistics/index_html Traceback (most recent call last): File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/Publish.py", line 104, in publish object=request.traverse(path, validated_hook=validated_hook) File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/BaseRequest.py", line 461, in traverse response.unauthorized() File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/HTTPResponse.py", line 685, in unauthorized raise Unauthorized, m Unauthorized: <strong>You are not authorized to access this resource.</strong><p> Username and password are not correct.
This "Unauthorized" is not generated by Zope security mechanism but by the ZPublisher.
Apparently, "VerboseSecurity" does not hook in the ZPublisher.
VerboseSecurity is included in zope 2.8.x and it seems like having the zope 2.7 VerboseSecurity product into a zope 2.8 instance break the security machinery. -- Sylvain Thénault LOGILAB, Paris (France) Formations Python, Zope, Plone, Debian: http://www.logilab.fr/formations Développement logiciel sur mesure: http://www.logilab.fr/services Python et calcul scientifique: http://www.logilab.fr/science
Hi I couldn't install VerboseSecurity on Zope 2.8.7 and Plone 2.1.3 - *URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt * *Line 10, Column 16* *Expression: not:'script/getInline'* *Names:* {'container': <PloneSite at /test>, 'context': <PloneSite at /test>, 'default': <Products.PageTemplates.TALES.Default instance at 0x0110BAF8>, 'here': <PloneSite at /test>, 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x010F6D28>, 'nothing': None, 'options': {'args': (), 'state': <Products.CMFFormController.ControllerState.ControllerState object at 0x04F2F150>}, 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'request': <HTTPRequest, URL= http://localhost:8080/test/login_form>, 'root': <Application at >, 'template': <FSControllerPageTemplate at /test/login_form>, 'traverse_subpath': [], 'user': trip} - Module Products.PageTemplates.Expressions, line 246, in __call__ - Module Products.PageTemplates.TALES, line 221, in evaluate *URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt * *Line 10, Column 16* *Expression: standard:'script/getInline'* *Names:* {'container': <PloneSite at /test>, 'context': <PloneSite at /test>, 'default': <Products.PageTemplates.TALES.Default instance at 0x0110BAF8>, 'here': <PloneSite at /test>, 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x010F6D28>, 'nothing': None, 'options': {'args': (), 'state': <Products.CMFFormController.ControllerState.ControllerState object at 0x04F2F150>}, 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'request': <HTTPRequest, URL= http://localhost:8080/test/login_form>, 'root': <Application at >, 'template': <FSControllerPageTemplate at /test/login_form>, 'traverse_subpath': [], 'user': trip} - Module Products.PageTemplates.Expressions, line 185, in __call__ - Module Products.PageTemplates.Expressions, line 173, in _eval - Module Products.PageTemplates.Expressions , line 127, in _eval __traceback_info__: script - Module Products.PageTemplates.Expressions, line 313, in restrictedTraverse __traceback_info__: {'path': ['getInline'], 'TraversalRequestNameStack': []} - Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151, in validate On 8/16/06, Sylvain Thénault <sylvain.thenault@logilab.fr> wrote:
On Thursday 27 July à 20:10, Dieter Maurer wrote:
Peter Bengtsson wrote at 2006-7-27 10:51 +0100:
Why am I getting this on my zope 2.8.5??
2006-07-27 10:34:07 ERROR Zope.SiteErrorLog http://localhost:8080/test/Real/MoreStatistics/index_html Traceback (most recent call last): File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/Publish.py", line 104, in publish object=request.traverse(path, validated_hook=validated_hook) File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/BaseRequest.py", line 461, in traverse response.unauthorized() File "/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/HTTPResponse.py", line 685, in unauthorized raise Unauthorized, m Unauthorized: <strong>You are not authorized to access this resource.</strong><p> Username and password are not correct.
This "Unauthorized" is not generated by Zope security mechanism but by the ZPublisher.
Apparently, "VerboseSecurity" does not hook in the ZPublisher.
VerboseSecurity is included in zope 2.8.x and it seems like having the zope 2.7 VerboseSecurity product into a zope 2.8 instance break the security machinery.
-- Sylvain Thénault LOGILAB, Paris (France) Formations Python, Zope, Plone, Debian: http://www.logilab.fr/formations Développement logiciel sur mesure: http://www.logilab.fr/services Python et calcul scientifique: http://www.logilab.fr/science
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- michael
As Sylvain already mentioned (see the end of your message below) Verbose Security is already included in Zope 2.8x. I imagine that trying to install it again would cause some problems. Jonathan ----- Original Message ----- From: michael nt milne To: zope list user Sent: Friday, August 25, 2006 4:54 PM Subject: Re: [Zope] VerboseSecurity not working Hi I couldn't install VerboseSecurity on Zope 2.8.7 and Plone 2.1.3 a.. URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt Line 10, Column 16 Expression: not:'script/getInline' Names: {'container': <PloneSite at /test>, 'context': <PloneSite at /test>, 'default': <Products.PageTemplates.TALES.Default instance at 0x0110BAF8>, 'here': <PloneSite at /test>, 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x010F6D28>, 'nothing': None, 'options': {'args': (), 'state': <Products.CMFFormController.ControllerState.ControllerState object at 0x04F2F150>}, 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'request': <HTTPRequest, URL= http://localhost:8080/test/login_form>, 'root': <Application at >, 'template': <FSControllerPageTemplate at /test/login_form>, 'traverse_subpath': [], 'user': trip}b.. Module Products.PageTemplates.Expressions, line 246, in __call__ c.. Module Products.PageTemplates.TALES, line 221, in evaluate URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt Line 10, Column 16 Expression: standard:'script/getInline' Names: {'container': <PloneSite at /test>, 'context': <PloneSite at /test>, 'default': <Products.PageTemplates.TALES.Default instance at 0x0110BAF8>, 'here': <PloneSite at /test>, 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x010F6D28>, 'nothing': None, 'options': {'args': (), 'state': <Products.CMFFormController.ControllerState.ControllerState object at 0x04F2F150>}, 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x04F2CB98>, 'request': <HTTPRequest, URL= http://localhost:8080/test/login_form>, 'root': <Application at >, 'template': <FSControllerPageTemplate at /test/login_form>, 'traverse_subpath': [], 'user': trip}d.. Module Products.PageTemplates.Expressions, line 185, in __call__ e.. Module Products.PageTemplates.Expressions, line 173, in _eval f.. Module Products.PageTemplates.Expressions , line 127, in _eval __traceback_info__: script g.. Module Products.PageTemplates.Expressions, line 313, in restrictedTraverse __traceback_info__: {'path': ['getInline'], 'TraversalRequestNameStack': []} h.. Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151, in validate On 8/16/06, Sylvain Thénault <sylvain.thenault@logilab.fr> wrote: On Thursday 27 July à 20:10, Dieter Maurer wrote: > Peter Bengtsson wrote at 2006-7-27 10:51 +0100: > >Why am I getting this on my zope 2.8.5?? > > > >2006-07-27 10:34:07 ERROR Zope.SiteErrorLog > >http://localhost:8080/test/Real/MoreStatistics/index_html > >Traceback (most recent call last): > > File > >"/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/Publish.py", line > >104, in publish > > object=request.traverse(path, validated_hook=validated_hook) > > File > >"/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/BaseRequest.py", > >line 461, in traverse > > response.unauthorized() > > File > >"/usr/HOME/peterbe/zope/zope285/lib/python/ZPublisher/HTTPResponse.py", > >line 685, in unauthorized > > raise Unauthorized, m > >Unauthorized: <strong>You are not authorized to access this > >resource.</strong><p> > >Username and password are not correct. > > This "Unauthorized" is not generated by Zope security mechanism > but by the ZPublisher. > > Apparently, "VerboseSecurity" does not hook in the ZPublisher. VerboseSecurity is included in zope 2.8.x and it seems like having the zope 2.7 VerboseSecurity product into a zope 2.8 instance break the security machinery. -- Sylvain Thénault LOGILAB, Paris (France) Formations Python, Zope, Plone, Debian: http://www.logilab.fr/formations Développement logiciel sur mesure: http://www.logilab.fr/services Python et calcul scientifique: http://www.logilab.fr/science _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- michael ------------------------------------------------------------------------------ _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 michael nt milne wrote:
Hi
I couldn't install VerboseSecurity on Zope 2.8.7 and Plone 2.1.3
You don't need it. The functionality is folded into Zope 2.8.x. See the 'verbose-security' option in the skeleton zope.conf. Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE73CO+gerLs4ltQ4RAqo7AKCjuPcG1oY1+7bsjM2aJjiYAlOaTwCgs30Y N+TitNEuqXWS7UIBH4o1R94= =3K33 -----END PGP SIGNATURE-----
--On 25. August 2006 17:50:06 -0400 Tres Seaver <tseaver@palladion.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
michael nt milne wrote:
Hi
I couldn't install VerboseSecurity on Zope 2.8.7 and Plone 2.1.3
You don't need it. The functionality is folded into Zope 2.8.x.
..which is clearly documented on the VS homepage :-) <http://hathawaymix.org/Software/VerboseSecurity> -aj
participants (7)
-
Andreas Jung -
Dieter Maurer -
Jonathan -
michael nt milne -
Peter Bengtsson -
Sylvain Thénault -
Tres Seaver