[Zope-dev] Unauthorized handling in Zope2

[Wichert Akkerman]

I can't get an Unauthorized exception view to work with current Zope 
2.12 svn. My approach was:

- add a dummy PAS challenge plugin which does nothing, effectively
   delegating everything to my Unauthorized exception view
- register a browser view for Unauthorized and return a proper error
   message there

unexpectedly the result is a stock Zope2 site error page. What seems to 
happen is that everything works correctly, up to this point the 
zpublisher exception hook in Zope2.App.startup:

     if issubclass(t, Unauthorized):
         # Re-raise Unauthorized to make sure it is handled
         # correctly. We can't do that with all exceptions
         # because some don't work with the rendered v as
         # argument.
         raise t, v, traceback

v is the html as generated by my view. Reraising the exception transfers 
control to the bare except in 
ZPublisher.Publish.publish_module_standard, which generates the standard 
site error page and returns that.

What is the reason for re-raising Unauthorized there? There is no 
special processing for it anywhere up in the call stack, so I can see no 
benefit to it. If I remove that code block so we always return the 
result of the view everything works as I would expect.

Wichert.