[Zope-PAS] Struggling with 'challenge' support.
Tino Wildenhain
tino at wildenhain.de
Thu Sep 23 10:13:42 EDT 2004
Hi,
Am Do, den 23.09.2004 schrieb Lennart Regebro um 15:53:
> Mark Hammond wrote:
> >>Ah... I tried overriding _unauthorized before, but that has other
> >>problems.
> >
> > What problems specifically?
>
> See my later mail. Summary:
> - Raising exceptions do not work when called from exception(), so that
> solution doesn't work.
> - Many changes to the response gets overridden later in exception(), so
> that solution has some problems too.
>
> >>Nope, that doesn't work either, because response.exception will continue
> >>to do a lot of changes on the response. You can not change an
> >>Unauthorized into a Redirect, for example, and that is a basic
> >>requirement.
> >
> > Why is that? I see no reason why issuing a challenge should cause a
> > redirect.
>
> That is the most common use case: Redirecting to a login page. That is
> what 99% of users that require something else than a 401 response will use.
I see no reason of the 99% here. Redirect really opens a can of worms.
Its just most of the basic-auth alternatives these days work with
redirect, but we all know why.
Its much more elegant to use a login page in place. This means
nicer URLs and we all love nice URLs - thats one of the reasons
for using Zope ;)
Tino.
More information about the Zope-PAS
mailing list