[Zope] User Role, Authentication, HTTP

[Hung Jung Lu]

Hi,

I have the following situation:

(1) I'd like to use Zope's security model, so I can prevent
    unauthorized users from accessing contents in subfolders.

(2) I want to keep user name and password in a database,
    not in acl_users folder. (Basically, I would like
    ZODB to be read-only. So I can't add users into acl_users,
    I have to add users into my own database.)

(3) I don't want to use the pop-up dialog box to enter the
    user name and password. I want to do it through HTTP
    form interface.

So, what can I do?

Is there a way in Python to tap into ZODB Authentication?
I mean, I could create a generic user for the purpose of
ZODB user authentication, and then activate the ZODB generic
user from the HTML authentication. Or is there a way to
add a role to the current AUTHENTICATED_USER, dynamically?
This problem seems common enough that people have probably
addressed it before.

Where can I find more information on manipulating Zope's
AUTHENTICATED_USER?

regards,

Hung Jung

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com