[Zope3-Users] PAU / credentials / authentication

Rupert Redington rupert at neontribe.co.uk
Thu Sep 6 06:52:50 EDT 2007


Hermann Himmelbauer wrote:
> Hi,
> After thoroughly studying Philipp's book and the PAU-doctests, I unfortunately 
> still have no clue how to do my authentication. My (simple) scenario is the 
> following:
> 
> - I wrote a Zope package that can be added as a site
> - I have one Zope instance with several of these sites
> - Users should authenticate site-specific, e.g. users that authenticated for 
> site A should not automatically be authenticated for site B and never for the 
> Zope root
> - I want to use Session Credentials
> - I wrote an authenticator plug-in for an existing relational database that 
> looks like this:
> 
> class PasswdAuthenticator(Persistent):
>     implements(IPasswd, IAuthenticatorPlugin, ILocation)
>     __parent__ = __name__ = None
> 
>     def authenticateCredentials(self, credentials):
>         if not (credentials and 'login' in credentials and
>                 'password' in credentials):
>             return
>         login, password = credentials['login'], credentials['password']
>         if relation_db_check(login,passwd):
>             return PrincipalInfo()
> 
> Now I have to glue all this together, but how?
> 
> Do I need a local, site specific PAU? If yes, how do I create/store one 
> without the ZMI? I want that to automatically be done during site creation, 
> e.g. via a subscriber (I have already one that builds the basic site 
> structure). Probably a PAU is created like this:
> 
> pau = zope.app.authentication.PluggableAuthentication('myprefix_')
> 
> But - how do I add this to my site manager then? Have the prefixes to be 
> different for every PAU that are located in the different sites?
> 
> How do I enable Session Credentials, or are they already enabled?
> 
> And - how do I tell the PAU to use my authentication utility, perhaps I have 
> to create one and somehow place it into the PAU, as it's a container? Or 
> should I register it as a local utility? Or as a global utility? In case of a 
> utility, the Authenticator Plugin probably does not have to inherit from 
> persistent.Persistent?
> 
> Moreover Philipp's book states that available plug-ins need to be configured 
> but I don't know to do this without the ZMI?
> 
> Best Regards,
> Hermann
> 


Hi Hermann,

I do it roughly like this - but, in my experience there's usually a
better way of doing things than whatever way I choose :-)

It answers some of your questions...

from zope.app.authentication.authentication import PluggableAuthentication
from zope.app.security.interfaces import IAuthentication
from zope.app.authentication.principalfolder import PrincipalFolder
from zope.app.authentication.interfaces import IAuthenticatorPlugin

# My event subscriber will be passed a reference to the site object
# from which we can get the sitemanager
sitemanager = event.object.getSiteManager()
pau = PluggableAuthentication()
sitemanager['PAU'] = pau
sitemanager.registerUtility(pau, IAuthentication)
# Tell the PAU which sort of credentials we want to use
pau.credentialsPlugins = (u'Session Credentials')
# make whatever authenticatorPlugin we want
users = PrincipalFolder()
users.prefix = u'users.'
pau[u'users'] = users
# get the current list of authenticator plugins, add users and reset
aplugins = list(pau.authenticatorPlugins)
aplugins.append(u'users')
pau.authenticatorPlugins = aplugins

Cheers,

Rupert


More information about the Zope3-users mailing list