[Zope-dev] question: forcing https for authentication
Dieter Maurer
dieter@handshake.de
Fri, 17 Jan 2003 20:29:50 +0100
Oliver Bleutgen wrote at 2003-1-17 18:02 +0100:
> Dieter Maurer wrote:
> > You might use a "SiteAccess" access rule.
>
> Dieter, thanks for the suggestion. But I don't see how SiteAccess could
> help me here, maybe I'm missing something.
>
> Basically, what I want to do is to prevent zope from ever sending a
> unauthorized response to a clear text http request,
In your AccessRule, you can customize the
the "_unauthorized" method of the RESPONSE object.
The AccessRule must be implemented in an External Method
in order to be able to change "RESPONSE._unauthorized".
You can look at Cookie Crumbler. It uses a similar technique
to prevent an Unauthorized response and rather display its
login form.
Dieter