AW: [Zope3-Users] efficiency of PAU authentication

Stephan Richter srichter at cosmos.phy.tufts.edu
Thu May 15 22:47:22 EDT 2008


On Tuesday 29 April 2008, nixon wrote:
> in app.publication.zopepublication.py there are 2 methods.
> Maybe they are invoked in different scenarios, I am not sure.
> But at least one PAU auth for each request.
>
>     def callTraversalHooks(self, request, ob):
>         # Call __before_publishing_traverse__ hooks
>         notify(BeforeTraverseEvent(ob, request))
>         # This is also a handy place to try and authenticate.
>         self._maybePlacefullyAuthenticate(request, ob)
>
>     def afterTraversal(self, request, ob):
>         #recordMetaData(object, request)
>         self._maybePlacefullyAuthenticate(request, ob)

callTraverslHooks is called after any new object has been traversed in the 
traversal process. See zope.publisher.base.BaseRequest.traverse. 
afterTraversal is called in zope.publisher.publish.publish after all 
traversal is done. So yes, you would see multiple attempts to authenticate. 
Zope cannot guess that you end up at the same place.

As Roger suggestedm some caching might be good, if the credentials 
verification is expensive.

Regards,
Stephan
-- 
Stephan Richter
Web Software Design, Development and Training
Google me. "Zope Stephan Richter"


More information about the Zope3-users mailing list