[BlueBream] Challenge issue with PAU

Zerrossetto tamaghei at gmail.com
Tue Jul 12 10:11:39 EDT 2011

I'm a Zope newbie and i can't figure out a solution on the pluggable authentication system.
I declared the local utilities for the PAU with a script mostly based as the one in the BB FAQ's at http://bluebream.zope.org/doc/1.0/faq.html#how-do-i-setup-authentication-using-a-pau, so to test it out i declared a simple view with zope.ManageContent permission required.

class TestFolderView(BrowserPage):
def __call__(self):
self.template = ViewPageTemplateFile('testfolderview.pt')

then in the configure.zcml


Then i declare in the zope shell the necessary folder in the ZODB and launch the setup script:

>>> import transaction
>>> from zope.app.folder import Folder
>>> from tw.main.setup import setup_site_manager
>>> root['testsite'] = Folder()
>>> setup_site_manager(root['testsite'])
>>> transaction.commit()

I expected here in paster serve mode to be redirected on the given login view, but instead zope prompts out the usual Unauthorized debug error.

URL: http://localhost:8080/testsite/test.html (http://localhost:8080/mainsite/test.html)
Module paste.evalexception.middleware:306 in respond 
>>  (http://localhost:8080/mainsite/test.html#)app_iter = self.application(environ, detect_start_response)
Module paste.translogger:68 in __call__ 
>>  (http://localhost:8080/mainsite/test.html#)return self.application(environ, replacement_start_response)
Module zope.app.wsgi:59 in __call__ 
>>  (http://localhost:8080/mainsite/test.html#)request = publish(request, handle_errors=handle_errors)
Module zope.publisher.publish:129 in publish 
>>  (http://localhost:8080/mainsite/test.html#)obj = request.traverse(obj)
Module zope.publisher.browser:554 in traverse 
>>  (http://localhost:8080/mainsite/test.html#)ob, add_steps = publication.getDefaultTraversal(self, ob)
Module zope.app.publication.browser:36 in getDefaultTraversal 
>>  (http://localhost:8080/mainsite/test.html#)return ob.browserDefault(request)
Unauthorized: (<zope.browserpage.metaconfigure.TestFolderView object at 0x104f9f410>, 'browserDefault', 'zope.ManageContent')

I have noticed searching around a bit that a solution of this is catching the IUnauthorized interface with zcml as it follows,

<browser:defaultView  for="zope.security.interfaces.IUnauthorized" 

but now I'm wondering if it's just the right approach for the problem, I mean, isn't duty of the PAU to issue a BrowserChallenge?

Thank you in advance.

Sent with Sparrow (http://www.sparrowmailapp.com) 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/bluebream/attachments/20110712/bef3e849/attachment.html 

More information about the bluebream mailing list