[Zope] custom authentication
04 Mar 2003 15:57:08 -0600
On Tue, 2003-03-04 at 13:03, Dieter Maurer wrote:
> Andrew Altepeter wrote at 2003-3-4 09:05 -0600:
> > I am working on integrating zope into the single sign-on auth. server we
> > have. To do so, I started with the cookie_validate method in
> > exUserFolder, modified it to suit, and placed it in my custom userFolder
> > class.
> > Ok, so it is working great if you to a page that requires
> > authentication. However, I have noticed a few quiry happenings here,
> > and maybe you guys can help me out.
> > Sometimes, if I authenticate through the sso, and try access an object
> > my user object doesn't have access do, I am sent a 401 Unauthorized with
> > a Basic login window. This is not what I want!
> > If the user is logged in, but doesn't have access, I want to return a
> > 'no access' page, and if the user is not logged not, then I want to
> > redirect to the sso.
> UserFolder's usually ensure this by overriding the
> "unauthorized" method of the RESPONSE object.
> Have a look at CookieCrumber (as an example).
Ok, I see. It seems that exUserFolder is an incomplete product then,
since it does not override the unauthorized method. As such, it cannot
prevent Basic auth's from slipping through unannounced...?
Looking in CookieCrumbler.py, I see that the __call__ method replaces
the response.unauth methods. But when I try to do that, I get a
complaint from zope:
File "/usr/local/Zope/lib/python/ZPublisher/HTTPResponse.py", line
662, in exception
TypeError: unbound Python method must be called with PortalUserFolder
To replace the unauth methods, I do the following:
In Products/PortalUserFolder/__init__.py, I do the following:
from ZPublisher.HTTPResponse import HTTPResponse
from PortalUserFolder import PortalUserFolder
#patch the HTTPResponse object's unauth code
HTTPResponse.old__unauthorized = HTTPResponse._unauthorized
HTTPResponse._unauthorized = PortalUserFolder._unauthorized
HTTPResponse.old_unauthorized = HTTPResponse.unauthorized
HTTPResponse.unauthorized = PortalUserFolder.unauthorized
Well, this doesn't seem to work. What am I doing wrong?
Thanks for all the help,