[Zope] custom authentication

Andrew Altepeter aaltepet@bethel.edu
04 Mar 2003 09:05:33 -0600

Hi all!

I am working on integrating zope into the single sign-on auth. server we
have.  To do so, I  started with the cookie_validate method in
exUserFolder, modified it to suit, and placed it in my custom userFolder

Ok, so it is working great if you to a page that requires
authentication.  However, I have noticed a few quiry happenings here,
and maybe you guys can help me out.

Sometimes, if I authenticate through the sso, and try access an object
my user object doesn't have access do, I am sent a 401 Unauthorized with
a Basic login window.  This is not what I want!

If the user is logged in, but doesn't have access, I want to return a
'no access' page, and if the user is not logged not, then I want to
redirect to the sso.

How can I do this?  Do I need to 'hack' the HTTPResponse code (methods
unauthorized, _unauthorized, and possibly exception to do this)?

Any help would be greatly appreciated.