[Zope-PAS] Challengers (and Zope 3)
Jim Fulton
jim at zope.com
Thu Sep 30 13:57:34 EDT 2004
Jim Fulton wrote:
>
...
> Let me see if I can state this correctly and clearly. For
> lack of a better term, I'll say that there can be multiple
> protocols for making challenges. Examples of protocols include
> HTTP Authentication and Cookie-based authentication. There
> are undoubtedly other protocols, although I don't know of
> any off hand. ;) Generally, protocols are not compatible with
> each other. (This is hard to say for sure, but for the protocols
> we have, this is the case. :). Therefore, we don't want to issue
> challenges for multiple protocols.
OK, this idea seems to have some potential. I suggest the following
algorithm then:

    # PAS challenge algorithm:
    protocol = None
    for challenger in challengers:
        protocol = challenger.challenge(request, response, protocol)
    if protocol is None:
        # no challengers fired
        pass  # ... do fallback thing

Challenge methods, then, should be written along the lines of:

    def challenge(self, request, response, protocol):
        if protocol is None:
            # ... do stuff (e.g. set response status for http)
            return self.protocol
        elif protocol == self.protocol:
            # ... do other stuff, often a subset of stuff
            # ... done when protocol is None (e.g. for http, don't set
            # ... 401 status)
            pass
        # we do nothing if protocol doesn't match
        return protocol

How does this sound?
I'll be at a sprint next week where I think we can try this out for
basic, digest, and cookie/redirect challengers, where basic and digest
auth would use the http protocol.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
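
The algorithm proposed in the message above, as an added runnable example that is not part of the original post and is not PAS or Zope 3 code. The class names, header values, login URL and the 403 fallback are assumptions; the example shows that the first challenger to fire pins the protocol, so a response never mixes a redirect with WWW-Authenticate headers.

```python
# Added illustration; all class names, header values and the fallback
# status are assumptions, not code from PAS or Zope 3.
class Response:
    def __init__(self):
        self.status = 200
        self.headers = []  # (name, value) pairs, in the order they were added

class HTTPAuthChallenger:
    """Basic and digest share the "http" protocol, so both may add a header."""
    protocol = "http"
    def __init__(self, header_value):
        self.header_value = header_value

    def challenge(self, request, response, protocol):
        if protocol is None:
            response.status = 401  # only the first http challenger sets 401
        elif protocol != self.protocol:
            return protocol  # another protocol already won: do nothing
        response.headers.append(("WWW-Authenticate", self.header_value))
        return self.protocol

class CookieRedirectChallenger:
    protocol = "cookie"
    def __init__(self, login_url):
        self.login_url = login_url

    def challenge(self, request, response, protocol):
        if protocol is None:
            response.status = 302
            response.headers.append(("Location", self.login_url))
            return self.protocol
        return protocol  # same or different protocol: nothing more to add

def issue_challenge(challengers, request, response):
    protocol = None
    for challenger in challengers:
        protocol = challenger.challenge(request, response, protocol)
    if protocol is None:
        response.status = 403  # assumed fallback when no challenger fired
    return protocol

basic = HTTPAuthChallenger('Basic realm="example"')
digest = HTTPAuthChallenger('Digest realm="example", nonce="constructed"')
cookie = CookieRedirectChallenger("/login_form")  # constructed URL

if __name__ == "__main__":
    for order in ([basic, cookie, digest], [cookie, basic, digest], []):
        resp = Response()
        print(issue_challenge(order, {}, resp), resp.status, resp.headers)
```

Challenger order decides which protocol the client sees, so it belongs in configuration that is reviewed like any other authentication setting.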