[Zope] ZServer: Www-Authenticate header not passed

Andrew Snare ajs@pigpond.com
10 Feb 1999 17:03:43 +1100 

--pgp-sign-Multipart_Wed_Feb_10_17:03:40_1999-1
Content-Type: text/plain; charset=US-ASCII

>>>>> "John" == John Eikenberry <jae@kavi.com> writes:

  John> ZServer probably raises an Unauthorized exception and this
  John> causes it to skip the code that puts the WWW-authenticate in
  John> the headers. I found this after running into a similar problem
  John> with Bobo (my realm wasn't getting set, which I needed). I was
  John> raising an Unauthorized exception in my validation method (the
  John> method that gets called to authenticate the users). The
  John> exception isn't caught by the code in ZPublisher.Publish (see
  John> below) and passes right through to the response code (in
  John> ZPublisher.Response).

Like yourself, I'm using a custom validate() method. However, my
validate() method doesn't raise Unauthorized upon error -- instead it
returns None.

  John> If this is the problem, a temporary fix might be to wrap the
  John> call to the validation in a try: except 'Unauthorized':
  John> ... check out lines 520-536 in ZPublisher.Publish. I would
  John> submit a patch, but I haven't had time to see if this would
  John> break anything else.

  John> The validate method gets called at line 520:

  John>             else: user=v(request, auth, roles)
  John>                        ^-the validate method

  John> On line 535-536 is where the method gets called
  John> (self.unauthorized()) which puts the WWW-authenticate in the
  John> header...

  John>             if user is None and roles != UNSPECIFIED_ROLES:
  John>                  self.unauthorized(realm,debug_mode)

I see what you're saying, however since my function returns None, it
should work.

The reason I reported this as a ZServer bug is because when using
ZopeHTTPServer everything works fine and the Www-Authenticate header
is set correctly. The header is just not produced when publishing the
same module using ZServer, which is why I'm blaming ZServer (although
I haven't delved too deeply into the code to work out the exact
problem).

 - Andrew
-- 
#!/usr/bin/env python
print(lambda s:s+"("+`s`+")")\
('#!/usr/bin/env python\012print(lambda s:s+"("+`s`+")")\\\012')
print(lambda x:x%`x`)('print(lambda x:x%%`x`)(%s)')

--pgp-sign-Multipart_Wed_Feb_10_17:03:40_1999-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----
Version: 2.6.3i
Comment: If you don't know what this is, you can safely ignore it.

iQCVAwUBNsEhPz9oumhqYnjxAQEZnAP+Opk9LGHFJoOI1+Io1SweX9Lyhv/+v834
1e1FiGkYEJJ0bfSTKti9eyqbtJPaNGlq8kmYK4wl1KIA4svlLuHLeRcD+SYk5eo5
nufy9rH71PsyWujH+ePHMbPMo+CoIEQPjIGiLvUpIArCRQ5gTPiFJ9xl9qx9JPDU
gPnc9FEwLMo=
=7wus
-----END PGP MESSAGE-----

--pgp-sign-Multipart_Wed_Feb_10_17:03:40_1999-1--