[Zope-dev] Re: Developing plugins for PluggableAuthService

Tres Seaver tseaver at zope.com
Fri Aug 27 12:57:55 EDT 2004


Lennart Regebro wrote:
> Tres Seaver wrote:
> 
>> Here is what I just did:
>>
>>  1. Created a folder, 'pas_test' in the root of my Zope, with a
>>     minimal 'index_html'.
>>
>>  2. Changed its security settings, removing "acquire" from the "View"
>>     permission and granting "View" to "Manager" and "Owner".
>>
>>  3. Verified that I could not view the folder as anonymous (got an
>>     HTTP basic auth challenge).
>>
>>  4. Added a PluggableAuthService, with the following plugins (all
>>     interfaces activated for each plugin):
>>
>>     - 'basic_auth', an HTTPBasicAuthHelper
>>
>>     - 'zodb_users', a ZODBUserManager
>>
>>     - 'zodb_roles', a ZODBRoleManager
>>
>>  5. In 'zodb_users', created a new user, 'tseaver'.
>>
>>  6. In 'zodb_roles', granted the "Owner" role to 'tseaver'.
>>
>>  7. Reloaded the anonymous window, got challenged, entered
>>     'tseaver' and the password, and saw the page.
> 
> 
> OK, thanks, this is what I discovered after doing this:
> 
> 1. After I do all your stuff above, when I remove the 
> HTTPBasicAuthHelper everything still works. I can still log in, even 
> though there is no credential extractor active. That makes no sense.

I think there is a "fallback" for the case when no other plugin is 
registered.

> 2. After I create my plugin, it still gets no calls...

Hmm, can you trace through the 'validate' method of the PAS?  It tends 
to suppress exceptions raised by plugins (so that a broken one doesn't 
lock you out).

> However, BasicAuthentication stops working.

Right, that would fit with my "fallback" memory.

> So now at least I know that PAS is involved in what happens.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
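
Added example, not part of the original message and not PluggableAuthService code: a simplified Python model of the two behaviours discussed in this thread, a fallback to HTTP Basic auth when no extractor is registered and swallowed plugin exceptions, with the swallowed exception logged so a broken plugin does not merely look idle. All function names, the request dict and the user table are hypothetical and constructed for illustration.

```python
import base64
import hmac
import logging

log = logging.getLogger("pas_model")

def basic_auth_extractor(request):
    """Decode an HTTP Basic 'Authorization' header into credentials."""
    header = request.get("Authorization", "")
    if not header.startswith("Basic "):
        return {}
    login, _, password = base64.b64decode(header[6:]).decode().partition(":")
    return {"login": login, "password": password}

def broken_extractor(request):
    """Constructed plugin with a bug: raises KeyError when the header is absent."""
    return {"login": request["X-Token"]}

def validate(request, extractors, users):
    """Return the authenticated login, or None for anonymous.

    Assumed, simplified behaviour modelled on the thread:
      * an empty extractor list falls back to HTTP Basic auth;
      * an exception in a plugin is swallowed so it cannot lock users out.
    """
    if not extractors:
        extractors = [("fallback", basic_auth_extractor)]
    for name, extract in extractors:
        try:
            creds = extract(request)
        except Exception:
            # Without this log line the failing plugin is invisible.
            log.warning("extractor %r raised; skipping", name, exc_info=True)
            continue
        login = creds.get("login")
        supplied = creds.get("password", "").encode()
        if login in users and hmac.compare_digest(users[login].encode(), supplied):
            return login
    return None

# Constructed sample data.
USERS = {"tseaver": "s3cret"}
REQUEST = {"Authorization": "Basic " + base64.b64encode(b"tseaver:s3cret").decode()}
```

With only `broken_extractor` registered the model returns `None` for a valid Basic auth request, which matches the symptom reported above: the new plugin appears to get no calls and Basic authentication stops working.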

