Catch Unauthorized exception and internal redirect to login DTML doc
I'm using exUserFolder to do cookie-based authentication. When a resource is accessed without authentication, an Unauthorized exception is generated. At present, I have a couple of lines in standard_html_header that do an HTTP redirect to the login form: <META HTTP-EQUIV=Expires CONTENT="<dtml-var "ZopeTime()-1" fmt="%Y-%m-%d">"> <META HTTP-EQUIV=Refresh CONTENT="0; URL=&dtml-URL1;/acl_users/redirectToLogin?destination=&dtml-URL;<dtml-if "REQUEST.has_key('authFailedCode')">&authFailedCode=&dtml-authFailedCode;</dtml-if>"> This does a browser redirect to the login form, but not before the visitor sees the error page. How can I get Zope to do an internal redirect to my login form when an Unauthorized exception is generated? Thanks for any tips or pointers! David Trudgett
On Thu, May 30, 2002 at 12:07:41PM +1000, David K. Trudgett wrote:
How can I get Zope to do an internal redirect to my login form when an Unauthorized exception is generated?
either of these: RESPONSE.redirect("my_url") REQUEST['RESPONSE'].redirect("my_url") I also recall that there's a second optional arg to redirect, called lock, which is either true or false and I forget what it's for offhand. -- Paul Winkler home: http://www.slinkp.com "Muppet Labs, where the future is made - today!"
On Thursday 2002-05-30 at 01:30:22 -0400, Paul Winkler wrote:
On Thu, May 30, 2002 at 12:07:41PM +1000, David K. Trudgett wrote:
How can I get Zope to do an internal redirect to my login form when an Unauthorized exception is generated?
either of these:
RESPONSE.redirect("my_url") REQUEST['RESPONSE'].redirect("my_url")
This does a browser redirect, doesn't it? I'd prefer to do an internal redirect, if possible. Thanks. David Trudgett
On Friday 2002-05-31 at 08:37:02 +0100, Chris Withers wrote:
"David K. Trudgett" wrote:
This does a browser redirect, doesn't it? I'd prefer to do an internal redirect, if possible.
What do you mean by an 'internal redirect'?
Oops. Does that mean Zope doesn't do it? Perhaps the terminology is different in Zope. In mod_perl it's called an internal redirect. A normal HTTP redirect tells the browser to go look somewhere else for what it originally requested. An internal redirect results in URL X being served instead of URL Y (the requested URL). In this particular context, this is handy because I can display an authorisation page (login form) whenever a protected URL is requested, but without (a) suffering performance hit (from user's perspective) of having to go through the whole process of requesting another URL; or (b) having the actual URL of the login form displayed in the browser; or (c) having an error page flash up on the user's browser, potentially causing confusion. David Trudgett
participants (3)
-
Chris Withers -
David K. Trudgett -
Paul Winkler