always anonymous user despite basic authentication
(notice I changed the subject line) Well, thanks to all the advice but upgrading to 2.5.1 is still showing 'Anonymous User' though I just authenticate via the browser interface. I could change things around and create the dtml stand-alone but I use extensive use of traverse_subpath. In doing this, for some reason, I lose this REQUEST variable. Scott Pierce Sonopress US - Digital Services 828.658.6157
On Mon, May 20, 2002 at 04:40:00PM -0400, Pierce, Scott wrote:
(notice I changed the subject line) Well, thanks to all the advice but upgrading to 2.5.1 is still showing 'Anonymous User' though I just authenticate via the browser interface.
I could change things around and create the dtml stand-alone but I use extensive use of traverse_subpath. In doing this, for some reason, I lose this REQUEST variable.
Go to the folder in question. Uncheck "Acquire permission settings", and check in the Authenticated column for "View". That is, you want to make sure that Anonymous cannot get view, even by acquisition. Jim Penny
Scott Pierce Sonopress US - Digital Services 828.658.6157
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
I'm using Zope 2.5.1 and python 2.1.1 under solaris I have a setup like this: /root acl_users # standard root UserFolder. Has a 'guest' account /protected hello # simple dtml document acl_users # UserFolder. Has 'user1' account /sub test # simple dtml document For protected, hello, sub, and test I have modified permissions on 'view' by disabling 'acquire' and enabling 'authenticated'. Anonymous, manager, and owner are cleared. Neither guest nor user1 owns any objects on the server. When I visit hello, I am prompted for a password. 'user1' works fine. 'guest' also works, which doesn't make sense to me since I disabled acquisition. The test document exhibits the same behavior. Is it possible to make hello (or test) NOT recognize authentication from the root acl_users folder? I understand it might not be a great idea (as it would cripple administration) but it sure is odd. Charlie Reiman
Pierce, Scott wrote:
(notice I changed the subject line) Well, thanks to all the advice but upgrading to 2.5.1 is still showing 'Anonymous User' though I just authenticate via the browser interface.
I could change things around and create the dtml stand-alone but I use extensive use of traverse_subpath. In doing this, for some reason, I lose this REQUEST variable.
Scott Pierce Sonopress US - Digital Services 828.658.6157
Hi Scott, Due to the way Zope does authentication, the AUTHENTICATED_USER is never checked or set until a security check is required. Make your folder / document / application / whatever require the "Authenticated" role and you should be set.
participants (4)
-
Charlie Reiman -
Jim Penny -
Matthew T. Kromer -
Pierce, Scott