[Zope3-Users] Confusion about PAU usage.

Alec Munro alecmunro at gmail.com
Mon Aug 22 10:47:40 EDT 2005

Hi List,

I'm slowly getting my head around the way security works in general in
Zope 3, but I could use a decent PAU tutorial.
Specifically, I'm having some trouble with the PrincipalFolder,
especially figuring out the differences between InternalPrincipal,
PrincipalInfo, and Principal. Reading some of the docs, it makes it
seem like these three are all used to obtain an authenticated
principal. That is, based on my understanding:

A PrincipalFolder contains InternalPrincipals.
When credentials are authenticated, a PrincipalInfo instance is returned.
That principal instance can be passed to an
AuthenticatedPrincipalFactory, which will return a Principal instance.

Is this generally correct? If so, is there a document available that
details the reasoning behind this process? I could probably work it
out on my own, but it is not my area of expertise, so any additional
info would be appreciated.
In my situation, I am trying to create principals with additional
properties, and initially I did that by extending InternalPrincipal.
That worked fine, until I realised that when I authenticated, I was
getting back a PrincipalInfo instance, which does not contain the
additional properties. Additionally, I wish to have multiple types of
users, so I had extended InternalPrincipal a couple of times, to
create a few different classes, the distinction of which is obviousy
lost when authenticating ATM.

Everything I've read so far has been light on practical implementation
details, so if anyone could point me in the right direction, that
would be great.



More information about the Zope3-users mailing list