[Grok-dev] Authorization issue With grokproject created instance and wsgi
uli at gnufix.de
Thu Mar 5 08:14:25 EST 2009
Michael Haubenwallner wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Uli Fouquet wrote:
> > Currently the default view of grokui.admin redirects to 'applications'
> > view. We could make it display a more or less empty, public entry page
> > with a link to @@login.html. This wouldn't fix the actual problem, but
> > most new users would not get stuck on initial use of debug.ini.
> We could register a 'login.html' and after successful login redirect to
Unfortunately you're not done dropping a login.html. The appropriate
template has to be registered with the main authentication utility and
in the authentication utility you have to enable session based
I already tried to introduce that some time ago and it resulted in
terrrible side effects like users not able to login after an update etc.
I'd prefer not to fiddle around with the PAU.
In the beginning I thought that session-based authentication is enabled
automatically, but this seems not to be true.
What we could do instead: in the (then public) index-view check, whether
the user is authenticated and if not, redirect to '@@login.html', which
also pops up a basic-auth box but also works with the debugger.
For some reason (I'd be interested to know, but yet don't) in this case
basic-auth works without triggering an Unauthorized exception.
This fix could be done with two or three lines of code and would at
least enable people to go to 'localhost:8080' and authenticate
Other protected URLs would, however, still trigger the debugger.
What do you think?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/grok-dev/attachments/20090305/8908b094/attachment-0001.bin
More information about the Grok-dev