[Zope] access to zope folder by legacy authorization system

Joel Burton joel@joelburton.com
Thu, 14 Mar 2002 10:40:44 -0500 (EST)


On Thu, 14 Mar 2002, jbr@FIZ-Karlsruhe.DE wrote:

> Hello,
>
> 1.) I have a folder (named secret1) with many sub-folders. This folder and its
>     sub-folders should be restricted for Anonymous Web users visiting our site.

> 2.) I have a legacy system, which must be called by perl modules, to ask if a
>     web user is authorized to see item1.
>
>     After login to the legacy system it returns an authorization-id.
>     I would like to store this id in a zope session object belonging to
>     the web end user in order to have login to the legacy authification
>     system only once. If the legacy system is asked for authorization later
>     I can use the authorization-id and I don't have to ask the web user again for
>     userid /pw.
>
> 3.) If the web user wants to see folder secret1, I want to use the
>     authorization-id of the legacy system (which I get from the zope
>     session object after user has done login to the
>    legacy system once) to ask if he may get access to folder secret1.
>    This call has to be done by perl also.
>    If the legacy authification system grants access, I will allow access to the
>    zope folder.

So, essentially:

* If a SESSION variable is set (authorization ID), they can get into the
secret areas.

* If not, run a perl script and if they pass that, set the SESSION ID and
authorize.

You can run the perl script in many ways--a PyExternal method could just
call it (slow but easy!) or you could use the Zope/Perl solutions.

To restrict people from getting into a folder w/more flexibility than
regular Zope auth mechanisms, use SetAccessRule. You can write a PyScript
(& possibly a PerlScript, don't have that installed on my zope) to check
the SESSION id, call your external perl thing if necessary, and if they
fail, raise or redirect them elsewhere.

Search the ML or HOWTO for SetAccessRules for the full story.

-- 

Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
Independent Knowledge Management Consultant
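
Added example, not part of the original message and not Zope or SiteAccess code: a plain-Python model of the decision such an access rule makes, following step 3 of the question (the stored authorization ID is sent to the legacy system for each protected folder). The session key legacy_auth_id, the checker command, its stdin protocol and the "exit status 0 means granted" convention are all assumptions; the checker here is a constructed stand-in for the Perl program.

```python
import subprocess
import sys

LEGACY_TIMEOUT = 5  # seconds (assumed value)

def ask_legacy(checker_argv, auth_id, folder):
    """Ask the legacy system whether auth_id may see folder.

    The command is an argument list (no shell), and the two values go in on
    stdin so they never appear in the process list. Only exit status 0 is a
    grant; a non-zero exit, a timeout or a missing program all deny.
    """
    if "\n" in auth_id or "\n" in folder:
        return False  # would corrupt the line-based stdin protocol
    try:
        done = subprocess.run(
            checker_argv, input=f"{auth_id}\n{folder}\n", text=True,
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=LEGACY_TIMEOUT)
    except (OSError, subprocess.SubprocessError):
        return False
    return done.returncode == 0

def access_rule(session, folder, checker_argv, ask=ask_legacy):
    """Decide one request: 'allow', 'deny', or 'login' (no ID stored yet)."""
    auth_id = session.get("legacy_auth_id")  # hypothetical session key
    if not auth_id:
        return "login"  # caller redirects to the legacy login form
    return "allow" if ask(checker_argv, str(auth_id), folder) else "deny"

# Constructed stand-in for the Perl checker: grants only id-123 on secret1.
FAKE_CHECKER = [
    sys.executable, "-c",
    "import sys; a, f = sys.stdin.read().split();"
    "sys.exit(0 if (a, f) == ('id-123', 'secret1') else 1)",
]

if __name__ == "__main__":
    for sess, folder in [({}, "secret1"),
                         ({"legacy_auth_id": "id-123"}, "secret1"),
                         ({"legacy_auth_id": "id-999"}, "secret1")]:
        print(sess, folder, "->", access_rule(sess, folder, FAKE_CHECKER))
```

Only the authorization ID is kept in the session, never the userid or password, and any failure of the external call is treated as a denial.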