[Zope-PAS] Struggling with 'challenge' support.

Tino Wildenhain tino at wildenhain.de
Thu Sep 23 10:13:42 EDT 2004


Hi,

Am Do, den 23.09.2004 schrieb Lennart Regebro um 15:53:
> Mark Hammond wrote:
> >>Ah... I tried overriding _unauthorized before, but that has other
> >>problems.
> > 
> > What problems specifically?
> 
> See my later mail. Summary:
> - Raising exceptions do not work when called from exception(), so that 
> solution doesn't work.
> - Many changes to the response gets overridden later in exception(), so 
> that solution has some problems too.
> 
> >>Nope, that doesn't work either, because response.exception will continue
> >>to do a lot of changes on the response. You can not change an
> >>Unauthorized into a Redirect, for example, and that is a basic
> >>requirement.
> > 
> > Why is that?  I see no reason why issuing a challenge should cause a
> > redirect.
> 
> That is the most common use case: Redirecting to a login page. That is 
> what 99% of users that require something else than a 401 response will use.

I see no reason of the 99% here. Redirect really opens a can of worms.
Its just most of the basic-auth alternatives these days work with 
redirect, but we all know why.

Its much more elegant to use a login page in place. This means
nicer URLs and we all love nice URLs - thats one of the reasons 
for using Zope ;)

Tino.



More information about the Zope-PAS mailing list