[Zope] Mixing authentication techniques at the same site with exUserFolder
Dieter Maurer
dieter@handshake.de
Thu, 9 Jan 2003 22:56:28 +0100
Emmanuel Viennet wrote at 2003-1-9 08:11 +0100:
> Do you refer to this thread ?
> http://lists.zope.org/pipermail/zope/2002-August/121367.html
No!
Sorry, I did write such a message but it did not go to a Zope
mailing list and has been in German. Getting old...
The basic idea:
You have a central session management (via a backend database).
When your user authenticates, he gets a session handle
(cookie or URL segment component).
The session contains capabilities (to use various services).
When the user need capabilities, the appliciation looks into the
session via the session handle and checks whether the
session provides the capability.
In Zope, you could use a specialized User Folder that
could access the session and obtain user information from it
and then return the corresponding "User" object.
In this way, you could use the standard Zope authorization
framework.
Dieter