[Zope-PAS] Struggling with 'challenge' support.
Lennart Regebro
regebro at nuxeo.com
Thu Sep 23 06:40:09 EDT 2004
Lennart Regebro wrote:
> Trapping "raise Unauthorized" and making that into a
> generic challenge behaviour will require replacing response.exception
> completely.
A fairly simple change will do it, but it is, as usual, in the middle of
a big fudging method. :(
I replaced exception() with a version that instead of calling
_unathorized call pas.challenge(), and then simply does a "return
response" afterwards. That works but, but... It's not very neat and will
ignore any 'fatal' setting, and so on...
Possible solutions:
The challenge doesn't actually change the response, but returns a
dictionary of headers and a body.
Or, it return t and v, where t is the response type, that is 401 or 302,
or whatever, and v is the url in the case of a redirect and the body in
the case of a 401. That means you don't actually change the response
directly, but you still have pretty good control over it. For example,
it is possible to just return a login form (as opposed to redirecting
to it).
Thoughts on this?
Man, I need coffee.
More information about the Zope-PAS
mailing list