[Zope] Custom authentication that avoids login screens
Felix Ulrich-Oltean
felix@chaptereight.com
Mon, 18 Nov 2002 16:55:48 +0000
Hi
I have been pestering the good folks on #zope about this, as well as
trying to ask in here a couple of times, but I'm not getting anywhere,
and worse, I don't think people get what I am trying to do although it
seems simple:
Our site is served by Zope, as well as PHP and Perl - the entry point
is in PHP - i.e. login screens, general stuff. By the time someone
gets to the Zope pages, they should be already logged in. I've looked
at both exUserFolder and SimpleUserFolder, but I still cannot see how
to intercept the request before the UF presents the user with a login
screen / HTTP basic auth dialog.
The PHP part of the site will have set a cookie - in Zope I need to
look for this cookie, and then use it as a key in our RDBMS to check
whether or not to allow the user to proceed. If there's no cookie or
the user is not authorized, I need to bounce them back to the
PHP-based login system.
TheJester suggested looking at remoteAuthMethod in exUF, but this
method is called too late in the chain of events.
Am I really not making sense? Anyone shed any light on this?
TIA,
Felix.