On 09/19/2011 05:24 AM, Taras wrote:
> Hi, community.
> For some time now I worked on an API for my site and did not find one
> good feature, that would really help me.
> I want to authenticate *Users* and *Applications*, that use my API.
> Those are 2 different principals and have different permissions and even
> authentication utilities.
> The problem is that I did not find a way to do this in the current
> /policy/. Did I /look bad/ and there is such a feature? I simply want to
> know before rewriting a good piece of code to create it.

How do you distinguish between the two kinds of principals at the web layer? Do they visit different URLs? Do they supply recognizably different data in the HTTP request header?

If different URL trees, you can use two 'local site manager' objects, each with their own registered authentication objects. The one found first when ascending the URL hierarchy will be used.

You can also easily supply your own AuthenticatedPrincipalFactory, that peeks into the PrincipalInfo and creates either a principal of kind A or kind B, depending upon the authenticated principal and URL visited. Each kind of principal can be given a different permission set, perhaps even using the 'group' kind of principal, defined in zope.pluggableauth.

If you cannot separate the URL trees for your two kinds of principals, then just subclass the topmost authentication component in zope.pluggableauth, add it to overrides.zcml, and have it use collection A (a pluggableauth folder) or collection B of your authentication utilities, based on something you can identify in your request object.

-Jeff

_______________________________________________
bluebream mailing list
https://mail.zope.org/mailman/listinfo/bluebream
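
The request-based selection between collection A and collection B described in the reply above, as an added example that is not part of the original message and is not zope.pluggableauth code. It is a plain-Python model: the classes, header names, permission names and credentials are all hypothetical stand-ins constructed for illustration.

```python
# Plain-Python model of "choose collection A or B from the request".
# Every class, header and permission name is a hypothetical stand-in,
# not zope.pluggableauth API.
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    id: str
    kind: str              # "user" or "application"
    permissions: frozenset


class Collection:
    """Stand-in for one folder of authentication utilities."""

    def __init__(self, kind, prefix, permissions, secrets):
        self.kind, self.prefix = kind, prefix
        self.permissions = frozenset(permissions)
        self._secrets = secrets  # constructed sample data; real stores keep hashes

    def authenticate(self, login, secret):
        expected = self._secrets.get(login)
        if expected is None:
            return None
        # Constant-time comparison of the supplied secret.
        if not hmac.compare_digest(expected.encode(), secret.encode()):
            return None
        # The prefix keeps ids from the two collections from colliding.
        return Principal(self.prefix + login, self.kind, self.permissions)


USERS = Collection("user", "user.", {"api.Read", "api.EditOwnProfile"},
                   {"taras": "s3cret"})
APPS = Collection("application", "app.", {"api.Read", "api.BulkExport"},
                  {"reporting-tool": "k-123"})


def authenticate(headers):
    """Pick one collection from request data and authenticate against it only."""
    has_app = "X-App-Id" in headers or "X-App-Key" in headers
    has_user = "X-User" in headers or "X-Password" in headers
    if has_app == has_user:
        # Neither kind of credential, or both at once: ambiguous, fail closed.
        return None
    if has_app:
        return APPS.authenticate(headers.get("X-App-Id", ""),
                                 headers.get("X-App-Key", ""))
    return USERS.authenticate(headers.get("X-User", ""),
                              headers.get("X-Password", ""))
```

Because each request is checked against exactly one collection, an application secret presented in the user headers never authenticates, and the permission set always follows the kind of principal that was created.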
