-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/28/2011 09:46 AM, Daniel Holth wrote:
>> There seems to be a trend in pyramid development of re-implementing a >> lot of what was previously done in various layers of wsgi middleware >> ( session, auth, ...) and moving those part inside the main >> application layer. Is there a reason for this? >> > > On the other hand, you probably aren't going to see gzip compression > re-implemented as a Pyramid component. > > WSGI is not a convenient way to compose integrated applications. WSGI > middleware lets you pretend your web server has a sessions feature, but the > only integration point is an awkward 'stick something in environ' interface. > > I've tried using middleware to add a login form to my application, and then > I tried implementing the login form in the application itself. It was > awkward and frustrating to setup a system that handles requests at two > layers of the call stack. It was much easier and smoother to just add the > login form to my application. I think this is a strong sign that > authentication is part of the application and belongs there. I would say that the login form may belong in the app (but ware SSO deployments!), but that the challenge machinery works *better* as middleware, because it allows your app to function better in mixed environments. FWIW, repoze.who 2.0 explicitly works to enable / ease using the machinery where needed in the app by exposing the configured plugins via an API (the login and logout views are the obvious consumers). It also retainis the flexibility of middleware for enforcing policies. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1r01QACgkQ+gerLs4ltQ5TZQCeP0MCUvLOO0Y5GSSlwv7+lKd9 UHcAmwT7CP0G09u90rxj1zUaE25xPrsk =reoG -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "pylons-devel" group. To post to this group, send email to pylons-devel@googlegroups.com. To unsubscribe from this group, send email to pylons-devel+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-devel?hl=en.
