[Zope-dev] PAS CookieAuthHelper and insufficient privileges

Tres Seaver tseaver at palladion.com
Wed Oct 13 12:13:54 EDT 2010


On 10/11/2010 08:21 PM, Laurence Rowe wrote:
> I'm currently implementing single sign on across Plone sites but have
> run into a bit of an issue with the CookieAuthHelper.
> 
> Unauthorized accesses are redirected to its login_path attribute even
> when a user is already logged in. Plone works around this with a
> require_login script that traverses to insufficient_privileges (rather
> than login_form) when the user is not anonymous.
> http://dev.plone.org/plone/browser/Plone/trunk/Products/CMFPlone/skins/plone_login/require_login.py
> 
> I'd like to avoid having two redirects (one to require_login and then
> one to the remote login page).
> 
> One option (as suggested in require_login.py) would be to have
> CookieAuthHelper traverse rather than redirect to the login_path so
> that sites could override the behaviour, though they would then
> presumably need to duplicate the functionality currently in
> CookieAuthHelper.unauthorized (which I must admit to only barely
> understanding...)
> http://zope3.pov.lt/trac/browser/Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
> 
> Instead, it would seem to make sense to move this login
> / insufficient privileges functionality into the CookieAuthHelper
> itself. I could add an insufficient_privs_path and redirect there
> instead of login_path when a user is already authorized.
> 
> Yet another option would be to let logged in unauthorized percolate
> up and implement that page with an error view.
> 
> Any opinions? I'm leaning towards adding an insufficient_privs_path as
> it seems simplest and least invasive. (When not set it would just use
> login_path as normal).

zope-dev at zope.org is the wrong mailing list for PAS-related questions:
please keep them on zope-pas at zope.org:

 https://mail.zope.org/mailman/listinfo/zope-pas


Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
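The redirect behaviour discussed in the quoted message, modelled as an added example that is not part of the thread and is not Products.PluggableAuthService code. Only `login_path` and `insufficient_privs_path` come from the post; `ChallengeModel`, `redirects`, `SITE_SCRIPTS` and the `REMOTE_LOGIN` URL are hypothetical names and constructed values.

```python
REMOTE_LOGIN = "https://sso.example.org/login"  # constructed placeholder URL


class ChallengeModel:
    """Stand-alone model of the proposal; not PluggableAuthService code."""

    def __init__(self, login_path, insufficient_privs_path=""):
        self.login_path = login_path
        # Attribute proposed in the post; empty means "not set".
        self.insufficient_privs_path = insufficient_privs_path

    def challenge_path(self, user_id):
        """Return the redirect target for an Unauthorized error.

        user_id is None for an anonymous visitor.
        """
        if user_id is not None and self.insufficient_privs_path:
            return self.insufficient_privs_path
        # Anonymous visitor, or the new attribute is unset: behave as before.
        return self.login_path


def require_login(user_id):
    """Model of the workaround script: serve insufficient_privileges in place
    (None = no further redirect) or send anonymous visitors on to the login."""
    return None if user_id is not None else REMOTE_LOGIN


SITE_SCRIPTS = {"require_login": require_login}  # hypothetical routing table


def redirects(helper, user_id):
    """List every redirect the browser follows after an Unauthorized error."""
    chain = [helper.challenge_path(user_id)]
    while chain[-1] in SITE_SCRIPTS:
        onward = SITE_SCRIPTS[chain[-1]](user_id)
        if onward is None:  # script rendered a page itself (traversal)
            break
        chain.append(onward)
    return chain
```

With `login_path` pointing at the workaround script, an anonymous visitor follows two redirects; with `login_path` set to the remote login and `insufficient_privs_path` set, each kind of visitor follows one.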
