I have tried using the verbose-security option in Zope 2.8.6. I cannot see that it is actually doing anything different from the standard security. I have previously used VerboseSecurity and know what the error log should look like. in my zope.conf security-policy-implementation PYTHON verbose-security on I am sure that zope.conf is being read, because if I type in invalid values, I see error messages on startup. I am using Plone 2.1.2. When I access an object that I do not have permission I get the following error message: Time 2006/03/24 12:32:51.623 GMT+1 User Name (User Id) jc (jc) Request URL http://bla.bla/Bla/folder_listing Exception Type Unauthorized Exception Value Not authorized to access binding: context Traceback... I somehow expected a little more. I expected to be told what permissions I needed, and what permissions I had. Can anyone tell me if I am doing anything wrong? Jeremy -- Jeremy.Cook@bccs.uib.no tlf: +47 55 58 40 65 Parallab Bergen Centre for Computational Science
Jeremy Cook wrote at 2006-3-24 16:45 +0100:
I have tried using the verbose-security option in Zope 2.8.6. I cannot see that it is actually doing anything different from the standard security.
You probably should reconfigure your "error_log" object to not disable "Unauthorized" exceptions and then look there. Moreover, you should probably send Plone related questions to the Plone mailing list (Plone probably intercepts the "Unauthorized" response and turns it into a redirect). -- Dieter
Jeremy Cook wrote:
Can anyone tell me if I am doing anything wrong?
Well, you're using Plohn for starters <0.5 wink> I suspect an unauthorized binding is something that verbose security does not cater too well for. Patches accepted... Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Thanks for answering, however I think that the problem is simply that verbose-security is not working. I have a new install of zope 2.8.6, I make a folder, I make index_html, I change the security on this so that it can only be read by manager. I go to error log and allow 'Unuathorized' to be logged, and then I try to access index_html. All I then see in the log file is: Exception traceback Time 2006/03/29 11:02:41.424 GMT+2 User Name (User Id) Anonymous User (None) Request URL http://bla.bla/test/index_html Exception Type Unauthorized Exception Value <strong>You are not authorized to access this resource.</strong> Traceback (innermost last): Module ZPublisher.Publish, line 105, in publish Module ZPublisher.BaseRequest, line 461, in traverse Module ZPublisher.HTTPResponse, line 685, in unauthorized Unauthorized: <strong>You are not authorized to access this resource.</strong> I somehow expected a more detailed description 'you need permissions blahdy bla' , and in this context you have 'da di da' etc. I think somehow verbose-security is not working for me. Has anyone tried it? Jeremy On Sat, 2006-03-25 at 00:30 +0000, Chris Withers wrote:
Jeremy Cook wrote:
Can anyone tell me if I am doing anything wrong?
Well, you're using Plohn for starters <0.5 wink>
I suspect an unauthorized binding is something that verbose security does not cater too well for. Patches accepted...
Chris
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeremy Cook wrote:
Thanks for answering, however I think that the problem is simply that verbose-security is not working. I have a new install of zope 2.8.6, I make a folder, I make index_html, I change the security on this so that it can only be read by manager. I go to error log and allow 'Unuathorized' to be logged, and then I try to access index_html.
All I then see in the log file is:
Exception traceback
Time 2006/03/29 11:02:41.424 GMT+2 User Name (User Id) Anonymous User (None) Request URL http://bla.bla/test/index_html Exception Type Unauthorized Exception Value <strong>You are not authorized to access this resource.</strong>
Traceback (innermost last):
Module ZPublisher.Publish, line 105, in publish Module ZPublisher.BaseRequest, line 461, in traverse Module ZPublisher.HTTPResponse, line 685, in unauthorized Unauthorized: <strong>You are not authorized to access this resource.</strong>
I somehow expected a more detailed description 'you need permissions blahdy bla' , and in this context you have 'da di da'
etc.
I think somehow verbose-security is not working for me. Has anyone tried it?
Just a guess, but be sure to enable the Python security policy, as well as verbose security, in zope.conf: security-policy-implementation python verbose-security on Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEKp3q+gerLs4ltQ4RAvYjAJ0RWMH8PreO9tskx/zP9ks3umL/OACcDFcW o6wVtMEcjmEHtkXBZVVoZ3o= =YuQy -----END PGP SIGNATURE-----
participants (4)
-
Chris Withers -
Dieter Maurer -
Jeremy Cook -
Tres Seaver