[Zope3-Users] Re: How do I logout from Zope 3 Management Interface
Tom Dossis
td at yoma.com.au
Wed Oct 26 02:32:03 EDT 2005
Todd Wilson wrote:
> I just joined the list, and I am following up on a post in the archive
> (sorry -- there wasn't a way to do this directly, so I don't know if
> this message will end up in the same thread).
>
> On 10/1/05, Lennart Regebro <regebro at gmail.com> wrote:
>> On 10/1/05, Milind Khadilkar <zedobject at gmail.com> wrote:
>> >
>> > I have installed Zope 3.1 rc 3. After logging in, I could not find any
>> > logout button.
>>
>> There is no way to consistently log out from Basic HTTP authorization...
>>
>> > Is it OK to directly shut the browser window ( I am using Firefox)?
>>
>> Yup.
>
> I am writing for clarification on Lennart's answer to Milind's question.
> In the many screenshots of the ZMI that can be seen in Philip von
> Weitershausen's book ("Web Component Development with Zope 3", Springer,
> 2005), one can definitely see "[Logout]" in the upper-right corner of
> the ZMI page. Like Milind, however, my installation of Zope 3.1.0 does
> not have this link in its ZMI pages.
>
> Is the absence of "[Logout]" in the latest version(s) because the
> developers realized that it was misleading (as Lennart is suggesting)
> and best left off, or is there another reason? Given the sensitive
> nature of some Zope deployments, the management password seems very well
> worth protecting. How about using a secure login (e.g., https) and
> sessions, which is capable of supporting a true logout?
You can try the pluggable auth util (PAU)...
To add one to your site
Manage Site -> Site Management -> Authentication (Unique Utilites)
Add a Session Credentials Plugin
Manage Site -> tools -> PluggableAuthentication
Edit the form to add 'Session Credentials' and submit Change
You'll now get a sessions based login form when you login to that site.
But you'll now need a 'Authenticator Plugin' to get in ... you can add a
Principal Folder Plugin to the PAU, then add principal(s) to it.
To get a [Logout] link you'll need to add the following zcml directive..
<adapter
for="zope.publisher.interfaces.browser.IBrowserRequest"
factory="zope.app.security.LogoutSupported"
/>
As for the https you could use apache as a proxying front end. I
believe the current dev. version of zope 3.2 uses twisted which may
offer https services, but I know next to nothing about it.
Hey I just realised I missed something, how do you assign roles to
principles using a PrincipleFolder above?
More information about the Zope3-users
mailing list