[Zope-dev] Re: Developing plugins for PluggableAuthService
Tres Seaver
tseaver at zope.com
Fri Aug 27 12:35:19 EDT 2004
Lennart Regebro wrote:
> Tres Seaver wrote:
>
>> The machinery won't be invoked for requests which don't need to
>> validate (e.g., for resources viewable by Anonymous). Could that be
>> the case for you?
>
>
> No. Closer inspection seems to show that I actually don't get PAS to do
> anything at all. It is simply ignored, unless I put it into the root, in
> which case I can't do anything, since it doesn't care of emergency_user.
>
> So I'm completely stumped.
Here is what I just did:
1. Created a folder, 'pas_test' in the root of my Zope, with a
minimal 'index_html'.
2. Changed its security settings, removing "acquire" from the "View"
permission and granting "View" to "Manager" and "Owner".
3. Verified that I could not view the folder as anonymous (got an
HTTP basic auth challenge).
4. Added a PluggableAuthService, with the following plugins (all
interfaces activated for each plugin):
- 'basic_auth', an HTTPBasicAuthHelper
- 'zodb_users', a ZODBUserManger
- 'zodb_roles', a ZODBRoleManager
5. In 'zodb_users', created a new user, 'tseaver'.
6. In 'zodb_roles', granted the "Owner" role to 'tseaver'.
7. Reloaded the anonymous window, got challenged, entered
'tseaver' and the password, and saw the page.
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
More information about the Zope-Dev
mailing list