[Zope] authentication problem

Anthony Baxter Anthony Baxter <anthony@interlink.com.au>
Tue, 04 Sep 2001 21:23:00 +1000 

FWIW, whenever mozilla regresses in this fashion it's called "a bug" and
gets fixed pretty quickly.

Anthony

>>> Jens Vagelpohl wrote
> this is a "known problem" with OmniWeb (and a few other browsers.
> 
> OmniWeb will only send basic auth information when explicityly prompted. 
> unfortunately, the page on the right-hand side of the ZMI 
> (manage_workspace) does *not* prompt for authentication, it simply looks 
> for the headers and if it cannot read them you get redirected to a 
> "harmless" view, like index_html for the respective folder. most other 
> browsers, once they have a username and password, automatically send that 
> along for all other pages from the same webserver.
> 
> i have sent feedback to the guys at OmniWeb twice so far, if you could add 
> your voice to it that might help get it into production quicker.
> 
> jens
> 
> 
> 
> 
> On Saturday, September 1, 2001, at 09:54 , Mitchell L Model wrote:
> 
> > I would greatly appreciate it if people knowledgeable about the Zope user 
> > authentication process would consider helping me with a problem even 
> > though the context for the problem is extremely limited (Omniweb 10.0.5 
> > on Mac OS X 10.0.4), because the answer will help me understand an 
> > important part of Zope in addition to helping me get past my problem and 
> > in fact, I think the answer probably has to do with the mechanism by 
> > which web browsers communicate user authorization to server-side programs 
> > generally, independent of Omniweb or Zope, so many people might find this 
> > answer interesting.
> >
> > I couldn't use Zope at all on Omniweb before the just released version 10.
> > 0.5, because although I could successfully connect to a specific port 
> > included in the URL, Omniweb was not using that port for the frames 
> > within the page.  That seems to have been fixed with the newest version, 
> > but I still have a problem: I can successfully log in to Zope, but all 
> > attempts to use ZMI get redirected to View pages instead.  I have traced 
> > through the code in ZPublisher/BaseRequest.py and 
> > ZServer/PubCore/ZServerPublisher.py to determine that the request's _auth 
> > is coming in as None in Omniweb, but a more meaningful value in other 
> > browsers.  However, I'm having trouble finding where that information is 
> > coming from (the indirections in the Python code make it tricky to catch 
> > everything stepping through the code in pdb), and I've run out of time.
> >
> > I would GREATLY appreciate an explanation of where the authorization 
> > information is coming from.  I don't see the currently logged in user in 
> > my CGI environment, including cookies.  How does any server-side program 
> > get the user authorization information from the browser after the user 
> > has logged in and gone to a different frame or window?
> > --
> >     --- Mitchell
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
> > http://lists.zope.org/mailman/listinfo/zope-dev )
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
> 

-- 
Anthony Baxter     <anthony@interlink.com.au>   
It's never too late to have a happy childhood.