[Grok-dev] Authorization issue With grokproject created instance and wsgi
michael at d2m.at
Thu Mar 5 08:34:54 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Uli Fouquet wrote:
> Hi there,
> Michael Haubenwallner wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> Uli Fouquet wrote:
>>> Currently the default view of grokui.admin redirects to 'applications'
>>> view. We could make it display a more or less empty, public entry page
>>> with a link to @@login.html. This wouldn't fix the actual problem, but
>>> most new users would not get stuck on initial use of debug.ini.
>> We could register a 'login.html' and after successful login redirect to
> Unfortunately you're not done dropping a login.html. The appropriate
> template has to be registered with the main authentication utility and
> in the authentication utility you have to enable session based
> authentication first.
> I already tried to introduce that some time ago and it resulted in
> terrrible side effects like users not able to login after an update etc.
> I'd prefer not to fiddle around with the PAU.
> In the beginning I thought that session-based authentication is enabled
> automatically, but this seems not to be true.
> What we could do instead: in the (then public) index-view check, whether
> the user is authenticated and if not, redirect to '@@login.html', which
> also pops up a basic-auth box but also works with the debugger.
> For some reason (I'd be interested to know, but yet don't) in this case
> basic-auth works without triggering an Unauthorized exception.
> This fix could be done with two or three lines of code and would at
> least enable people to go to 'localhost:8080' and authenticate
> Other protected URLs would, however, still trigger the debugger.
> What do you think?
I am fine with your suggestion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Grok-dev