[Zope] manage

Dieter Maurer dieter@handshake.de
Fri, 1 Sep 2000 21:10:51 +0200 (CEST)


neeloy_saha writes:
 > .... authentication ....
 > 1.what is the python file which pops up that child window for entering
 > username and password ?
In plain vanilla Zope (i.e. without GUF, LoginManager or some other
login catcher)
Zope simply raises an Unauthorized exception.
This is turned into an HTTP Unauthorized response.
Your browser, upon receipt of such a response, pops up the dialog
and ask you for username and password.
It then automatically reissues the request.

 > 2.After u give the username and password what is the file / module name
 > against which  the username and password is authenticated.
For any request, Zope traverses the hierarchical WebSite object
guided by the request's URL. At the URL's end, it reaches
some object (or has raised a "NotFound" exception).
From that object, Zope looks back along its path for
objects that are able to authenticate some users.
Usually, these are objects that contain a "user folder", usually
called "acl_users".
Authentication is done by such a "user folder".
You find the code near the end of "ZPublisher.BaseRequest.traverse".

A user folder has a method "validate".
It gets the request, authentication information and
(optionally) the list of roles necessary to access the target
object. It returns a user object, if it can one authenticate
for the given authentication information and with the required
roles, otherwise, it returns None.
If it return None, Zope looks furhter up in the path.
If it reaches the end without being able to authenticate
the user, it raises an Unauthorized exception (this leads to 1) above).

You find Zope's vanilla user folder in "AccessControl.User.UserFolder".

 > 3.what is this 'manage'....? method/module???
There is none.



Dieter