[Zope-dev] Re: Developing plugins for PluggableAuthService
Lennart Regebro
regebro at nuxeo.com
Fri Aug 27 12:50:43 EDT 2004
Tres Seaver wrote:
> Here is what I just did:
>
> 1. Created a folder, 'pas_test' in the root of my Zope, with a
> minimal 'index_html'.
>
> 2. Changed its security settings, removing "acquire" from the "View"
> permission and granting "View" to "Manager" and "Owner".
>
> 3. Verified that I could not view the folder as anonymous (got an
> HTTP basic auth challenge).
>
> 4. Added a PluggableAuthService, with the following plugins (all
> interfaces activated for each plugin):
>
> - 'basic_auth', an HTTPBasicAuthHelper
>
> - 'zodb_users', a ZODBUserManger
>
> - 'zodb_roles', a ZODBRoleManager
>
> 5. In 'zodb_users', created a new user, 'tseaver'.
>
> 6. In 'zodb_roles', granted the "Owner" role to 'tseaver'.
>
> 7. Reloaded the anonymous window, got challenged, entered
> 'tseaver' and the password, and saw the page.
OK, thanks, this is what I discovered after doing this:
1. After I do all your stuff above, when I remove the
HTTPBasicAuthHelper everything still works. I can still log in, even
though there is no credential extractor active. That makes no sense.
2. After I create my plugin, it still gets no calls... However,
BasicAuthentication stops working.
So now at least I know that PAS is involved in what happens.
More information about the Zope-Dev
mailing list