[Zope-dev] Re: Developing plugins for PluggableAuthService

Tres Seaver tseaver at zope.com
Fri Aug 27 12:35:19 EDT 2004


Lennart Regebro wrote:
> Tres Seaver wrote:
> 
>> The machinery won't be invoked for requests which don't need to 
>> validate (e.g., for resources viewable by Anonymous).  Could that be 
>> the case for you?
> 
> 
> No. Closer inspection seems to show that I actually don't get PAS to do 
> anything at all. It is simply ignored, unless I put it into the root, in 
> which case I can't do anything, since it doesn't care of emergency_user.
> 
> So I'm completely stumped.

Here is what I just did:

  1. Created a folder, 'pas_test' in the root of my Zope, with a
     minimal 'index_html'.

  2. Changed its security settings, removing "acquire" from the "View"
     permission and granting "View" to "Manager" and "Owner".

  3. Verified that I could not view the folder as anonymous (got an
     HTTP basic auth challenge).

  4. Added a PluggableAuthService, with the following plugins (all
     interfaces activated for each plugin):

     - 'basic_auth', an HTTPBasicAuthHelper

     - 'zodb_users', a ZODBUserManger

     - 'zodb_roles', a ZODBRoleManager

  5. In 'zodb_users', created a new user, 'tseaver'.

  6. In 'zodb_roles', granted the "Owner" role to 'tseaver'.

  7. Reloaded the anonymous window, got challenged, entered
     'tseaver' and the password, and saw the page.


Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com



More information about the Zope-Dev mailing list