[Zope3-Users] Authentication question
jtaylor at thig.com
Wed Aug 31 17:23:38 EDT 2005
Hi All. Hope this hasn't been answered elsewhere, but I've looked through
zope3-users and zope3-dev email and chat logs, and can't find an answer.
After working through philiKON's web component development book, I decided
to move to zope3.1 (mostly because I wanted to snag the homefolder code,
which of course he also wrote). In the process of doing this, I decided to
subclass and override some of IPrincipalFolder. I create a folder, turn it
into a site, add a pluggableAuthentication utility (non-named), and create
my new principal folder implementation. I can create new principals of my
own type in these folders... (I wanted to use role manager to add some roles
at creation time, rather than explicitly granting them at different
locations through the ZMI). That part seems to be working.
I can't actually log in with my new user's credentials. If I connect to
specific resources over xmlrpc using my new set of credentials, it works, I
can connect to and modify objects with my new principal. But logging in
over the web fails. I'm using cookieauth, almost line for line from the web
component development book, and it does, if I dump a bunch of debug
statements in, prove to be working as the ILoginPassword interface that's
getting the info when I post up my username/password (as zope_user,
After some digging, I noticed that in zope.app.security.principalregistry
where it's implementing IAuthentication.authenticate it checks for
__principalsByLogin[login]. That dictionary only ever, for me, contains my
administrative user (when I throw in some print statements to verify).
Since it's called by zope.app.publication in beforeTraversal, that makes
sense that it's only checking local registry, but I don't know how to push
it along to check the next IAuthentication implementation available.
I may, also, be going about this the wrong way. Any thoughts?
CONFIDENTIAL NOTICE: This email including any attachments, contains
confidential information belonging to the sender. It may also be
privileged or otherwise protected by work product immunity or other
legal rules. This information is intended only for the use of the
individual or entity named above. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or the taking of any action in reliance on the contents
of this emailed information is strictly prohibited. If you have
received this email in error, please immediately notify us by
reply email of the error and then delete this email immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Zope3-users