[Zope3-Users] Still trying to figure out PAU

Florian Lindner mailinglists at xgm.de
Sat Feb 4 07:32:41 EST 2006


On Friday, 3 February 2006 17:11, Rupert Redington wrote:
> Florian Lindner wrote:
> > On Friday, 3 February 2006 04:07, Gary Poster wrote:
> >> On Feb 2, 2006, at 4:41 PM, Florian Lindner wrote:
> >>> Hello,
> >>> I'm still desperately trying to figure out the
> >>> PluggableAuthentication.
> >>
> >> Since no one has replied, I'll try my "30-second remediation"
> >> technique again. ;-)  That means I didn't really follow exactly what
> >> you are doing, and I'm just trying for low-hanging fruit to help
> >> you. :-)
> >>
> > :-)
> > :
> >>> I perform the following steps:
> >>>
> >>> 1) Create an instance of my folderish, possible site (named A),
> >>> content
> >>> object.
> >>>
> >>> 2) I create a site in it.
> >>>
> >>> 3) I add a PAU in the default software space
> >>>
> >>> 4) I add a SessionCredentialsPlugin and a PrincipalFolder as plugins.
> >>>
> >>> 5) I create an internal principal with "Title" =
> >>> "zope.Manager" (tried also
> >>> other ones). name = abc
> >>>
> >>> 6) In the SessionCredentialsPlugin I leave to "loginForm.html". I've a
> >>> loginForm.html view in my A-object)
> >>>
> >>> 7) I register all components (SessionCredentialsPlugin,
> >>> PrincipalFolder and
> >>> PAU)
> >>
> >> So that means that http://127.0.0.1:8080/++etc++site/default/test.pau/
> >> @@configure.html (or similar) has one credentials plugin in the right
> >> column ("Session Credentials (a utility)") and one authenticator
> >> plugin in the right column ("PrincipalFolder (a utility)" or
> >> something like that).  Right?
> >>
> >> If not, make it so.  :-)
> >
> > It was already like that, forgot to mention it.
> >
> >> If that doesn't work, try making the right column of the Credentials
> >> Plugins field be "No Challenge if Authenticated (a utility)" first
> >> and then "Session Credentials (a utility)" second.  That's probably
> >> what you want anyway.
> >
> > Changed it a bit.
> >
> > I'm not redirected to the loginForm.html but a "Not authorized" page.
> > Anything else is the same. I wonder why I'm not authorized, because in
> > the authenticateCredentials() function the internal.title returns:
> >
> > (Pdb) internal.title
> > u'zope.Manager'
> >
> > Which should be authorized for anything.
> >
> > Hope you can hang the fruits a few centimeters lower...  ,-)
>
> If this fruit is low enough for me I'll be very surprised, and you've
> probably done this already, but:
>
> Does the Principal you've added to your PAU authentication plugin have a
> grant on the site/folder you're trying to access?

I've given the principal the title (which is AFAIK the same as role) 
zope.Manager, which IMO does not need further grants.

Another way I've tried: I've created a principal with title CS.User.
In my configure.zcml I have: 

    <role
        id="CS.User"
        title="centershock.net user" />
    
    <grant permission="CS.View"
        role="CS.User" />

The resource I try to access has security declarations:

    <page
        name="toHomeFolder"
        for="*"
        permission="CS.View"
        [...] />


Or do I need further grants or anything? Or do I misunderstand the title
attribute of the principal?

Thanks,

Florian
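
Rupert's question above is whether the principal holds a grant. The following is an added illustration, not code from this thread or from Zope: a simplified Python model of a role-based permission check in which role grants are keyed on the principal id and the title is only a display label. The class names, the bare `abc` id (a real PAU id would also carry the PAU and plugin prefixes) and the inherit-from-parent rule are assumptions of the model.

```python
# Simplified model of a role-based check (illustration only, not Zope code).
from dataclasses import dataclass, field

# Role -> permissions, as declared by <grant permission="CS.View" role="CS.User" />
ROLE_PERMISSIONS = {"CS.User": {"CS.View"}}


@dataclass
class Principal:
    id: str      # what grants are keyed on (assumed: no prefixes, just "abc")
    title: str   # display label only; never consulted by the check below


@dataclass
class Location:
    name: str
    parent: "Location | None" = None
    # principal id -> roles granted on this object (constructed sample data)
    principal_roles: dict = field(default_factory=dict)


def roles_for(principal, location):
    """Collect roles granted to the principal here and on every ancestor."""
    roles = set()
    while location is not None:
        roles |= location.principal_roles.get(principal.id, set())
        location = location.parent
    return roles


def check_permission(permission, principal, location):
    """True if any role the principal holds at this location grants the permission."""
    return any(permission in ROLE_PERMISSIONS.get(role, ())
               for role in roles_for(principal, location))


def demo():
    site = Location("A")
    page_context = Location("child", parent=site)
    user = Principal(id="abc", title="CS.User")  # title equals the role id
    before = check_permission("CS.View", user, page_context)
    site.principal_roles[user.id] = {"CS.User"}  # explicit role grant on the site
    after = check_permission("CS.View", user, page_context)
    return before, after


if __name__ == "__main__":
    print(demo())
```
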

