[Zope] double authentification problem

Dieter Maurer dieter@handshake.de
Fri, 29 Nov 2002 22:56:58 +0100


Elena Schulz writes:
 > in the below folder-structure I've got the following problem:
 > a user links to Methode1 where he does his login with role:Voter.
 > Methode1 contains only <dtml-var Methode3>.
 > The below form in Methode3 calls Methode2 on submit.
 > 
 > The problem: after submission of the form there is 2nd login-prompt
 > for the already authenticated user. How can I get rid of that?
 > All the Methods do have Manager-roles already.
 > (I would like to cut them to Voter or Owner anyway)
 > 
 > Can anybody help me with that?
 > ....
 > folder-structure:
 > 
 > FolderA
 > |
 > |_FolderB:viewPermission->roles: Manager&Voter
 > |        |_acl_users-Folder: .....
 > |        |_DTML Methode1:proxy=Manager
 > |        |_DTML Methode2:proxy=Manager
 > |
 > |_DTML Methode3:proxy=Manager

There are 2 issues:

1.
A login using "Basic Authentication" is effective
only inside the folder containing the object that
originally requested authentication.

For basic authentication, this is an effect of the HTTP 1.1 specification
about sending authentication info to a site (you may find
some details in

  <http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html>

and full details in the HTTP 1.1 specification).

Usually, your browser will automatically provide the login
info it has for a site when it is challenged by a different
page from this site.
However, when not challenged, the application may see a wrong
user.

This appears not to be your problem.


2.
A user defined in an "acl_users" is known and has rights only
in the folder containing this "acl_users".
When it accesses any object outside of this folder, the
access is treated as an access by an anonymous user.

I expect that you see an effect along these lines.
However, I am not sure about the interaction with proxy roles.


Dieter
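
The two scoping rules from the message above, as an added Python sketch that is not part of the original post and is not Zope code. The credential rule follows RFC 2617 section 2 (paths at or below the directory of the challenged URL); the host name, the login name and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit
import posixpath

def protection_prefix(challenged_url):
    """Path prefix a client may treat as the Basic protection space
    (RFC 2617 section 2): everything at or below the directory of the
    URL that issued the 401 challenge."""
    path = urlsplit(challenged_url).path or "/"
    return path if path.endswith("/") else posixpath.dirname(path).rstrip("/") + "/"

def sends_preemptively(challenged_url, request_url):
    """True if the browser attaches Authorization without a new challenge."""
    c, r = urlsplit(challenged_url), urlsplit(request_url)
    same_origin = (c.scheme, c.netloc) == (r.scheme, r.netloc)
    return same_origin and (r.path or "/").startswith(protection_prefix(challenged_url))

def user_known(user_folder_path, object_path):
    """Issue 2 as a simplified model: a user from an acl_users is only
    recognised for objects inside the folder holding that acl_users."""
    base = user_folder_path.rstrip("/") + "/"
    return object_path.startswith(base)

def effective_user(login, challenged_url, request_url, user_folder_path):
    """User the application sees for an unchallenged request."""
    if not sends_preemptively(challenged_url, request_url):
        return "Anonymous User"   # no Authorization header arrived
    if not user_known(user_folder_path, urlsplit(request_url).path):
        return "Anonymous User"   # header arrived, user unknown here
    return login

# Constructed sample data: host and login name are placeholders,
# folder and method names are taken from the post.
BASE = "http://zope.example"
LOGIN_URL = BASE + "/FolderA/FolderB/Methode1"

if __name__ == "__main__":
    for target in ("/FolderA/FolderB/Methode2", "/FolderA/Methode3"):
        print(target, "->", effective_user("voter1", LOGIN_URL, BASE + target, "/FolderA/FolderB"))
```
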