[Grok-dev] Authorization issue With grokproject created instance and wsgi
Michael Haubenwallner
michael at d2m.at
Thu Mar 5 08:34:54 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Uli Fouquet wrote:
> Hi there,
>
> Michael Haubenwallner wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Uli Fouquet wrote:
>>> Currently the default view of grokui.admin redirects to 'applications'
>>> view. We could make it display a more or less empty, public entry page
>>> with a link to @@login.html. This wouldn't fix the actual problem, but
>>> most new users would not get stuck on initial use of debug.ini.
>>>
>> We could register a 'login.html' and after successful login redirect to
>> /applications.
>
> Unfortunately you're not done dropping a login.html. The appropriate
> template has to be registered with the main authentication utility and
> in the authentication utility you have to enable session based
> authentication first.
>
> I already tried to introduce that some time ago and it resulted in
> terrrible side effects like users not able to login after an update etc.
>
> I'd prefer not to fiddle around with the PAU.
>
> In the beginning I thought that session-based authentication is enabled
> automatically, but this seems not to be true.
>
> What we could do instead: in the (then public) index-view check, whether
> the user is authenticated and if not, redirect to '@@login.html', which
> also pops up a basic-auth box but also works with the debugger.
>
> For some reason (I'd be interested to know, but yet don't) in this case
> basic-auth works without triggering an Unauthorized exception.
>
> This fix could be done with two or three lines of code and would at
> least enable people to go to 'localhost:8080' and authenticate
> themselves.
>
> Other protected URLs would, however, still trigger the debugger.
>
> What do you think?
>
I am fine with your suggestion.
Regards
Michael
- --
http://blog.d2m.at
http://planetzope.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJr9T+l0uAvQJUKVYRApUTAKC8pYUT+G8rtG6sg7bQtNZLsRQXiwCeKJjm
4SK+ZmrWO5mu4iDDxYZHJMA=
=X1ip
-----END PGP SIGNATURE-----
More information about the Grok-dev
mailing list