[Zope] Lost user credentials
Garito
garito at gmail.com
Mon Mar 12 14:45:05 EDT 2007
To Dennis: I use Zope 2.9.5 final. Is this version concern
2007/3/12, Dieter Maurer <dieter at handshake.de>:
>
> Garito wrote at 2007-3-12 04:04 +0100:
> > ...
> >In my code I don't use nothing about security and nothing is changed on
> >zmi's security tab
> >
> >But when I launch a method (Borrar if you remember) the user who launches
> >the action is anonymous not the logged one
>
> Your problem description is too terse to say something definite about
> the real problem.
>
> But, I can tell you that whether or not a user appears to be
> anonymous or logged in only slightly depends on security settings.
>
> The process is as follows:
>
> The url traversal determines the published object and
> the path to reach it. From the published object the roles are determined
> necessary to access it.
> Then a user folder is looked for that can authenticate a user
> from the current request with the required roles. This lookup
> proceeds in the reverse order than the url traversal.
>
> Thus, unless you have given your object unreasonable roles (usually
> you protect by a permission which is then mapped to a set of roles),
> the authenticated user primarily depends on the authentication
> information in the request.
>
> In what kind the request contains authentication information
> highly depends on the form of authentication you are using.
> There are at least two widely used approaches: cookie based authentication
> and HTTP (basic) authentication.
>
> In the first case, the user will appear "anonymous" whenever
> cookies are disabled.
>
>
>
> --
> Dieter
>
--
Mis Cosas: http://blogs.sistes.net/Garito
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20070312/6336acba/attachment.htm
More information about the Zope
mailing list