[Zope] Lost user credentials
Dieter Maurer
dieter at handshake.de
Mon Mar 12 14:42:03 EDT 2007
Garito wrote at 2007-3-12 04:04 +0100:
> ...
>In my code I don't use anything about security and nothing is changed on
>ZMI's security tab
>
>But when I launch a method (Borrar if you remember) the user who launches
>the action is anonymous not the logged one

Your problem description is too terse to say something definite about
the real problem.

But, I can tell you that whether or not a user appears to be
anonymous or logged in only slightly depends on security settings.

The process is as follows:

  The URL traversal determines the published object and
  the path to reach it. From the published object, the roles
  necessary to access it are determined.

  Then a user folder is looked for that can authenticate a user
  from the current request with the required roles. This lookup
  proceeds in the reverse order of the URL traversal.

Thus, unless you have given your object unreasonable roles (usually
you protect by a permission which is then mapped to a set of roles),
the authenticated user primarily depends on the authentication
information in the request.

In what way the request contains authentication information
highly depends on the form of authentication you are using.
There are at least two widely used approaches: cookie based authentication
and HTTP (basic) authentication.
In the first case, the user will appear "anonymous" whenever
cookies are disabled.

--
Dieter
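
A simplified model of the lookup described in the message above, added here as an example; it is not part of the original post and is not Zope's own code. Every class, function, field and user name is hypothetical, and credentials are modelled as plain (name, password) tuples.

```python
# Simplified model of the lookup described above, not ZPublisher code.
# Every class, function, field and user name here is hypothetical.
from dataclasses import dataclass, field

@dataclass
class UserFolder:
    users: dict  # name -> (password, set of roles)
    def validate(self, request, required):
        # Credentials come from a cookie or HTTP basic auth, modelled as a tuple.
        cred = request.get("cookie") or request.get("basic_auth")
        if not cred:
            return None
        name, password = cred
        stored = self.users.get(name)
        if stored is None or stored[0] != password:
            return None
        # A known user may also access an object that Anonymous may access.
        if "Anonymous" in required or stored[1] & required:
            return name
        return None

@dataclass
class Node:
    roles: set                      # roles required to access this object
    user_folder: UserFolder = None
    children: dict = field(default_factory=dict)

def publish(root, path, request):
    # Step 1: traversal finds the published object and the path to it.
    parents = [root]
    for step in path.strip("/").split("/"):
        parents.append(parents[-1].children[step])
    required = parents[-1].roles
    # Step 2: user folders are consulted in reverse traversal order.
    for node in reversed(parents):
        if node.user_folder is not None:
            user = node.user_folder.validate(request, required)
            if user is not None:
                return user
    # No folder authenticated anyone: anonymous if allowed, else refused.
    if "Anonymous" in required:
        return "Anonymous User"
    raise PermissionError("Unauthorized")

# Constructed site: /site has its own user folder; Borrar requires Manager.
site = Node({"Anonymous"}, UserFolder({"garito": ("s3cret", {"Member"})}),
            {"view": Node({"Anonymous"}), "Borrar": Node({"Manager"})})
ROOT = Node({"Anonymous"}, UserFolder({"admin": ("rootpw", {"Manager"})}), {"site": site})
```

With the same object and the same security settings, `publish(ROOT, "/site/view", ...)` returns `garito` when the request carries the cookie and `Anonymous User` when it does not, which is the cookies-disabled case from the message.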