[Zope3-Users] Disabling authentication for resources
andrew
andrew at reurbanise.co.nz
Wed Jul 9 20:19:18 EDT 2008
Hi All,
On Tue, 2008-07-08 at 22:52 -0700, Shailesh Kumar wrote:
> Did you try the resourceDirecotry ZCML directive?
>
> <browser:resourceDirectory
>
> name="js"
>
> directory="resource/js"
>
> layer=".interfaces.IBatonSkin"
>
> />
> that way they don't need the authentication overhead.
Thanks for the replies, everyone. This is what I currently have as an
example of a resource I'm fetching:
<resourceDirectory
name="ajs"
directory="ajs"
layer="vortex.layer.IVortexBrowserLayer"
permission="zope.Public"
/>
But if I try to access one of these resources directly from the web,
e.g.:
http://.../@@/ajs/gb_styles.css
I still get my authentication code being called. I've tracked it down
this far:
(zope.app.publication:zope.publication.py)
def _maybePlacefullyAuthenticate(self, request, ob):
if not IUnauthenticatedPrincipal.providedBy(request.principal):
# We've already got an authenticated user. There's nothing
to do.
# Note that beforeTraversal guarentees that user is not
None.
return
if not ISite.providedBy(ob):
# We won't find an authentication utility here, so give up.
return
sm = removeSecurityProxy(ob).getSiteManager()
auth = sm.queryUtility(IAuthentication)
if auth is None:
# No auth utility here
return
# Try to authenticate against the auth utility
principal = auth.authenticate(request) <!----- My PAU called
here
Any ideas ?
Cheers, Andrew.
More information about the Zope3-users
mailing list