[Zope] Pluggable Auth Service ... how is it used?
Jens Vagelpohl
jens at dataflake.org
Thu Jul 7 03:07:49 EDT 2005
On 7 Jul 2005, at 06:41, Richard Jones wrote:
> I'd like to get session-based login going, and on the surface PAS
> appears to
> support that.
>
> First up, is there any documentation?
>
> I've set up in my PAS "acl_users" the following objects:
>
> 1. "cookies" - a Cookie Auth Helper active for Challenge
> 2. "session" - a Session Auth Helper active for Extraction, Update
> Credentials and Reset Credentials
> 3. "users" - a ZODB User Manager with a single user "test"
> 4. "roles" - a ZODB Role Manager with the "test" user assigned to
> "Manager"
>
> Then accessing a "Manager" protected method inside the folder
> brings up the
> login form from the Cookie Auth Helper, but submitting that form
> does nothing
> (it returns the empty form to me).
>
Add "Extraction" to the cookie object. Only the cookie object would
know how to extract credentials coming back from the cookie object's
challenge. Makes sense, doesn't it?
I have described such a setup before either here or on the PAS list
itself, take a look at the archives. The very first challenge and
extraction is done by the cookie auth helper, and the credentials are
then stored by the session auth helper which is doing all extractions
after that.
jens
More information about the Zope
mailing list