[Zope3-Users] Re: How do I logout from Zope 3 Management Interface

Tom Dossis td at yoma.com.au
Wed Oct 26 02:32:03 EDT 2005


Todd Wilson wrote:
> I just joined the list, and I am following up on a post in the archive 
> (sorry -- there wasn't a way to do this directly, so I don't know if 
> this message will end up in the same thread).
> 
> On 10/1/05, Lennart Regebro <regebro at gmail.com> wrote:
>> On 10/1/05, Milind Khadilkar <zedobject at gmail.com> wrote:
>> >
>> >  I have installed Zope 3.1 rc 3. After logging in, I could not find any
>> > logout button.
>>
>> There is no way to consistently log out from Basic HTTP authorization...
>>
>> > Is it OK to directly shut the browser window ( I am using Firefox)?
>>
>> Yup.
> 
> I am writing for clarification on Lennart's answer to Milind's question. 
>  In the many screenshots of the ZMI that can be seen in Philip von 
> Weitershausen's book ("Web Component Development with Zope 3", Springer, 
> 2005), one can definitely see "[Logout]" in the upper-right corner of 
> the ZMI page.  Like Milind, however, my installation of Zope 3.1.0 does 
> not have this link in its ZMI pages.
> 
> Is the absence of "[Logout]" in the latest version(s) because the 
> developers realized that it was misleading (as Lennart is suggesting) 
> and best left off, or is there another reason?  Given the sensitive 
> nature of some Zope deployments, the management password seems very well 
> worth protecting.  How about using a secure login (e.g., https) and 
> sessions, which is capable of supporting a true logout?

You can try the pluggable auth util (PAU)...

To add one to your site
  Manage Site -> Site Management -> Authentication (Unique Utilites)

Add a Session Credentials Plugin
  Manage Site -> tools -> PluggableAuthentication
  Edit the form to add 'Session Credentials' and submit Change

You'll now get a sessions based login form when you login to that site.

But you'll now need a 'Authenticator Plugin' to get in ... you can add a
Principal Folder Plugin to the PAU, then add principal(s) to it.

To get a [Logout] link you'll need to add the following zcml directive..

   <adapter
       for="zope.publisher.interfaces.browser.IBrowserRequest"
       factory="zope.app.security.LogoutSupported"
       />

As for the https you could use apache as a proxying front end.  I
believe the current dev. version of zope 3.2 uses twisted which may
offer https services, but I know next to nothing about it.

Hey I just realised I missed something, how do you assign roles to
principles using a PrincipleFolder above?




More information about the Zope3-users mailing list