[Zope3-Users] Pluggable authentication, a newbie's question
Alexei Ustyuzhaninov
alust at 208.195-224-87.telenet.ru
Thu Feb 1 04:10:19 EST 2007
Stephan Richter wrote:
> On Sunday 28 January 2007 11:44, Alexei Ustyuzhaninov wrote:
>> This code is contained in the file mypackage/__init__.py, mypackage in
>> turn is loaded via ZCML.
>
> This is bad form. You should have that code in another module.
>
>> Both plugins and PAU are registered
>> successfully and I can access them with queryUtility. But the
>> authentication is carried through the standard mechanism and
>> MyAuthenticatorPlugin isn't even called.
>
> There are a couple of things to be said here:
>
> * Pluggable Authentication was not developed to work well globally. I know I
> had to tweak it a (tiny) bit to make it work for base registries.
>
> * You should use the pluggable authentication utility from a site. You can do
> this via ZCML and baseregistries or adding it to the ZODB. You should look
> into configurator on how to do this programmatically.
>
> Packages to check out:
> z3c.baseregistry
> z3c.configurator

I have looked a bit at the sources and made my own version of the
publication class which (I think) makes the authentication work as I
want.

Here is my implementation:

overrides.zcml
--------------
<configure xmlns="http://namespaces.zope.org/zope"
           xmlns:browser="http://namespaces.zope.org/browser">

  <publisher
      name="BROWSER"
      factory="mypackage.MyPublication.MyBrowserFactory"
      methods="GET POST HEAD"
      mimetypes="*"
      priority="10"
      />

</configure>

MyAuthentication.py
-------------------
from zope import interface
from zope.component import provideUtility
from zope.app.authentication import interfaces
from zope.app.authentication.interfaces import \
    ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo
from zope.app.authentication import PluggableAuthentication
from zope.app.authentication.httpplugins import \
    HTTPBasicAuthCredentialsPlugin


class PrincipalInfo(object):
    interface.implements(interfaces.IPrincipalInfo)

    def __init__(self, id, title, description):
        self.id = id
        self.title = title
        self.description = description


class CascadeAuthenticatorPlugin(object):
    interface.implements(interfaces.IAuthenticatorPlugin)

    def authenticateCredentials(self, credentials):
        if credentials is None:
            return None
        # my_authentication() is not shown in this post; it returns
        # (id, title, description) on success and None otherwise.
        params = my_authentication(credentials)
        if params is None:
            return None
        else:
            return PrincipalInfo(*params)


# Register both plugins as global utilities under the names the PAU uses.
provideUtility(HTTPBasicAuthCredentialsPlugin(), ICredentialsPlugin,
               name='My Credentials Plugin')
provideUtility(CascadeAuthenticatorPlugin(), IAuthenticatorPlugin,
               name='My Authenticator Plugin')

# PAU with an empty principal-id prefix.
pau = PluggableAuthentication('')
pau.credentialsPlugins = ('My Credentials Plugin',)
pau.authenticatorPlugins = ('My Authenticator Plugin',)

MyPublication.py
----------------
import transaction
from zope.app.publication.browser import BrowserPublication
from zope.app.publication.requestpublicationfactories import \
    BrowserFactory
from zope.app.security.principalregistry import \
    principalRegistry as prin_reg
from zope.security.interfaces import Unauthorized
from zope.security.management import newInteraction
# The PAU instance is created in MyAuthentication.py (above).
from MyAuthentication import pau


class MyPublication(BrowserPublication):

    def beforeTraversal(self, request):
        # Authenticate through the PAU instead of the global registry.
        #p = prin_reg.authenticate(request)
        p = pau.authenticate(request)
        if p is None:
            # No principal from the PAU: fall back to the unauthenticated one.
            p = prin_reg.unauthenticatedPrincipal()
            if p is None:
                raise Unauthorized  # If there's no default principal
        request.setPrincipal(p)
        newInteraction(request)
        transaction.begin()

    # Overridden with an empty body, so no authentication is attempted
    # during traversal.
    def _maybePlacefullyAuthenticate(self, request, ob): ""


class MyBrowserFactory(BrowserFactory):

    def __call__(self):
        # Keep the stock request class, swap in the custom publication.
        request_class, orig_publ = super(MyBrowserFactory,
                                         self).__call__()
        return request_class, MyPublication

I'm new to zope3, so could you estimate how well this approach
corresponds to the zope architecture?
--
Alexei
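
An added example, not code from the post or from Zope: a stand-alone Python model of the contract the two plugins in the message rely on, where the credentials step turns an HTTP Basic header into a dict with 'login' and 'password' and the authenticator returns (id, title, description) or None. The user store, header_for() and the body of my_authentication() are hypothetical stand-ins, since the post does not show that function.

```python
import base64
import binascii
import hashlib
import hmac

_SALT = b"constructed-salt"  # constructed sample value

def _derive(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, 10000)

# Constructed sample user store: login -> (password hash, title).
USERS = {"alice": (_derive("s3cret:with:colons"), "Alice Example")}

def extract_basic_credentials(auth_header):
    """Credentials step: Authorization header -> {'login', 'password'} or None."""
    if not auth_header or not auth_header.lower().startswith("basic "):
        return None
    try:
        token = auth_header.split(None, 1)[1]
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (IndexError, binascii.Error, UnicodeDecodeError):
        return None  # malformed header: treat as "no credentials"
    login, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        return None
    return {"login": login, "password": password}

def my_authentication(credentials):
    """Hypothetical stand-in: (id, title, description) on success, else None."""
    stored = USERS.get(credentials.get("login"))
    supplied = _derive(credentials.get("password", ""))
    # Unknown logins are compared against a dummy hash so both paths do equal work.
    expected = stored[0] if stored else _derive("")
    if hmac.compare_digest(supplied, expected) and stored:
        return (credentials["login"], stored[1], "")
    return None

def authenticate_credentials(credentials):
    """Same contract as authenticateCredentials in the post: None means rejected."""
    if credentials is None:
        return None
    return my_authentication(credentials)

def header_for(login, password):
    """Build a constructed Basic header for exercising the functions above."""
    raw = ("%s:%s" % (login, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

A None result at either step is what sends beforeTraversal in the message down its unauthenticated-principal branch.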