[Zope-dev] Unauthorized handling in Zope2

[yuppie]

Hi!


Wichert Akkerman wrote:
> I can't get an Unauthorized exception view to work with current Zope
> 2.12 svn. My approach was:
>
> - add a dummy PAS challenge plugin which does nothing, effectively
>     delegating everything to my Unauthorized exception view
> - register a browser view for Unauthorized and return a proper error
>     message there
>
> unexpectedly the result is a stock Zope2 site error page. What seems to
> happen is that everything works correctly, up to this point the
> zpublisher exception hook in Zope2.App.startup:
>
>       if issubclass(t, Unauthorized):
>           # Re-raise Unauthorized to make sure it is handled
>           # correctly. We can't do that with all exceptions
>           # because some don't work with the rendered v as
>           # argument.
>           raise t, v, traceback
>
> v is the html as generated by my view. Reraising the exception transfers
> control to the bare except in
> ZPublisher.Publish.publish_module_standard, which generates the standard
> site error page and returns that.

I would have expected that HTTPResponse.exception uses v as the body of 
the returned page. Without further information I can't tell you why that 
doesn't work in your case.

> What is the reason for re-raising Unauthorized there? There is no
> special processing for it anywhere up in the call stack, so I can see no
> benefit to it. If I remove that code block so we always return the
> result of the view everything works as I would expect.

I tried to fix the bug discussed in comments #15ff of
https://bugs.launchpad.net/zope2/+bug/372632


Cheers,

	Yuppie