[Zope-dev] Overriding HTTPResponse.unauthorized()
Shane Hathaway
shane@zope.com
Mon, 15 Apr 2002 14:01:47 -0400
Matt Behrens wrote:
> I've got some rather funky auth requirements where I need to stop Zope
> from challenging Basic authentication when Unauthorized is raised.
>
> I seem to be able to do this if I monkey-patch
> HTTPResponse.unauthorized(), but what I'd really like is to be able to
> hook into it to make a user folder-overridable challenge with a fallback
> to the standard unauthorized. Maybe such a hook would be useful in 2.6 :-)
>
> So, given that, can I get to the user folder from
> HTTPResponse.unauthorized()? Or are there any better ideas?
Check out CookieCrumbler. It does several things:
- It patches response *instances*; that is, it adds an attribute to
response instances called "unauthorized" which overrides the method.
The attribute value is a method bound to a different object.
- It uses the request._hold() mechanism to delete the attribute it added
to the response, avoiding a memory leak.
It would be useful to provide a better way to hook unauthorized() in
Zope 2.6, but this way is compatible with Zope 2.4 and 2.5, so I'm not
motivated enough. ;-)
Shane