[Zope-dev] Re: [Plone-developers] PAULA: bringing Zope 3's authentication to Plone and beyond

Florian Friesdorf flo at chaoflow.net
Tue Jul 15 23:48:12 EDT 2008


On Mon, Jul 14, 2008 at 09:50:25AM +0200, Hermann Himmelbauer wrote:
> (..)
> 1) No way to pass PAU-related information to form-code: In PAU, the 
> (..)

As I am using PAU within Plone and PlonePAS to handle the credential extraction and
form stuff, I can't say anything about PAU's capabilities of doing that.
However, I wrote it down and will eventually look into it.

> 2) Lack of documentation: The entities "Principal, InternalPrincipal, 
> PrincipalInfo" are very confusing to a newbie, I still don't get the "big 
> picture". 

InternalPrincipal is a persistent object used to store the data of principals
in a PrincipalFolder, PrincipalInfo is returned upon successful authentication
and handed to FoundPrincipalFactory, which extracts some information and returns
Principal objects.

> 3) Lack of plugins: No plugin for URL-rewriting, e.g. cookie-less browsers 
> (retrieving auth-information from URL) etc.

I don't know about URL-rewriting, but you should be easily able to write your
own credentials plugin to extract whatever you like from a request object.

> I personally needed to write an authentication plugin for a SQLAlchemy based 
> RDB, and was confused a lot of how/why to create Principal / PrincipalInfo 
> objects: Should I create my own Principal/PrincipalInfo objects in order to 
> stuff information into them that my application needs?

Most probably that could work.

> How exactly should I cache user data so that a single browser request does
> not lead to multiple RDB queries? And where in the big picture is the "User"
> entity? (It's probably the InternalPrincipal object, I assume)...

You don't need InternalPrincipal objects, they are specific to PrincipalFolder,
IMHO.

I think you need:
- custom authenticator plugin, that authenticates against RDB and has a
  dictionary as cache: key = login, value = password;
- custom foundprincipalfactory, that generates Principal objects from RDB data,
  again using a simple key=login,value=Principal dictionary as cache;
- eventually a custom credentials plugin, for your point 3.

> (..)
> So I would very, very much suggest to dig into PAU first and fix those 
> shortcomings before porting it to Plone/Zope2.

Exactly what I am doing :)

Thank you very much for your feedback.

florian
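
A sketch of the cached RDB authenticator discussed in this message, added here as an example and not code from the post or from Zope. It mirrors the method names of PAU's `IAuthenticatorPlugin` (`authenticateCredentials`, `principalInfo`) without importing Zope; `sqlite3` stands in for the SQLAlchemy-backed RDB, and the class name, table layout, `end_request` hook and sample user are assumptions. The cache holds the stored row (salt and PBKDF2 verifier), not the password, so a wrong password is still rejected on a cache hit.

```python
import hashlib, hmac, os, sqlite3
from collections import namedtuple

# Stand-in for PAU's PrincipalInfo (id, title, description); assumption for the demo.
PrincipalInfo = namedtuple("PrincipalInfo", "id title description")

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class RDBAuthenticator:
    """Hypothetical plugin using IAuthenticatorPlugin's method names."""
    prefix = "rdb."

    def __init__(self, conn):
        self.conn = conn
        self.queries = 0   # demo instrumentation: number of RDB round trips
        self._cache = {}   # login -> (salt, verifier, title) or None

    def _row(self, login):
        if login not in self._cache:   # misses are cached too, for this request
            self.queries += 1
            self._cache[login] = self.conn.execute(
                "SELECT salt, verifier, title FROM users WHERE login = ?",
                (login,)).fetchone()
        return self._cache[login]

    def authenticateCredentials(self, credentials):
        if not credentials or not {"login", "password"} <= set(credentials):
            return None
        row = self._row(credentials["login"])
        if row is None:
            return None
        salt, verifier, title = row
        # Always verify, even on a cache hit; constant-time comparison.
        if not hmac.compare_digest(derive(credentials["password"], salt), verifier):
            return None
        return PrincipalInfo(self.prefix + credentials["login"], title, "")

    def principalInfo(self, id):
        if not id.startswith(self.prefix):
            return None
        row = self._row(id[len(self.prefix):])
        return row and PrincipalInfo(id, row[2], "")

    def end_request(self):
        # Hypothetical hook: drop the cache so a password change takes effect.
        self._cache.clear()

def demo_db():
    """Constructed sample data: one user, 'alice' / 's3cret'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, salt BLOB, verifier BLOB, title TEXT)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 ("alice", salt, derive("s3cret", salt), "Alice"))
    return conn
```

Scoping the dictionary to one request keeps it from serving stale verifiers after a password change or account removal.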