[Zope] custom authentication

Dieter Maurer dieter@handshake.de
Tue, 4 Mar 2003 20:03:25 +0100


Andrew Altepeter wrote at 2003-3-4 09:05 -0600:
 > I am working on integrating Zope into the single sign-on auth. server we
 > have.  To do so, I started with the cookie_validate method in
 > exUserFolder, modified it to suit, and placed it in my custom userFolder
 > class.  
 > 
 > Ok, so it is working great if you go to a page that requires
 > authentication.  However, I have noticed a few quirky happenings here,
 > and maybe you guys can help me out.
 > 
 > Sometimes, if I authenticate through the sso, and try to access an object
 > my user object doesn't have access to, I am sent a 401 Unauthorized with
 > a Basic login window.  This is not what I want!
 > 
 > If the user is logged in, but doesn't have access, I want to return a
 > 'no access' page, and if the user is not logged in, then I want to
 > redirect to the sso.

UserFolders usually ensure this by overriding the
"unauthorized" method of the RESPONSE object.

Have a look at CookieCrumbler (as an example).


Dieter
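
A sketch of the override described in the reply, added here as an example and not taken from the thread, exUserFolder or CookieCrumbler. FakeResponse, Unauthorized, install_unauthorized_hook, SSO_LOGIN_URL and the came_from parameter are stand-ins and assumptions, not Zope's real ZPublisher objects.

```python
# Added example: stand-in classes, not Zope's real publisher objects.
from urllib.parse import quote

SSO_LOGIN_URL = "https://sso.example.org/login"  # assumed placeholder URL


class Unauthorized(Exception):
    """Stand-in for the exception the publisher turns into a 401."""


class FakeResponse:
    """Minimal stand-in for the RESPONSE object."""

    def __init__(self):
        self.status = 200
        self.headers = {}
        self.body = ""

    def unauthorized(self):
        # Default behaviour: 401 plus a Basic challenge (the login window).
        self.status = 401
        self.headers["WWW-Authenticate"] = 'basic realm="Zope"'
        raise Unauthorized()

    def redirect(self, location):
        self.status = 302
        self.headers["Location"] = location


def install_unauthorized_hook(response, user, came_from):
    """Replace response.unauthorized for one request (hypothetical helper).

    user is the SSO-validated user id, or None for an anonymous request.
    """
    def unauthorized():
        if user is None:
            # Not logged in: send the browser to the SSO server, with the
            # return URL percent-encoded so it cannot add extra parameters.
            response.redirect(
                SSO_LOGIN_URL + "?came_from=" + quote(came_from, safe=""))
        else:
            # Logged in but not permitted: a 403 page, no Basic challenge.
            response.status = 403
            response.body = "no access"
        response.headers.pop("WWW-Authenticate", None)

    response.unauthorized = unauthorized
    return response
```

The user folder would install the hook while validating the request, before the publisher's security check can call unauthorized.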