Following "Authkit with Pylons" article (and a mixture of other articles, docs, etc) If I try to protect my whole application I see this strange error: "exceptions.AssertionError: Forwarding loop detected; '/signin' visited twice (internal redirect path: ['/public', '/signin']) ".
But WSGI chain seems good: 1. code in my "config/middleware.py" module: ... if asbool(full_stack): # Authentication and Authorization import authkit.authorize from authkit.permissions import RemoteUser app = authkit.authorize.middleware(app, RemoteUser()) # Change HTTPExceptions to HTTP responses app = httpexceptions.make_middleware(app, global_conf) # Authentication and Authorization import authkit.authenticate app = authkit.authenticate.middleware(app, app_conf) # Error Handling app = ErrorHandler(app, global_conf, error_template=error_template, **config.errorware) ... 2. options in my "development.ini" configuration file: ... [app:main] ... authkit.enable = true authkit.method = forward authkit.signin = /signin authkit.cookie.signout = /signout authkit.cookie.secret = my secret key authkit.cookie.name = auth_tkt authkit.cookie.params = max-age:3600 authkit.catch = 401, 403 3. code in my main controller "controllers/home.py": class HomeController(BaseController): def signin(self): username = str(request.params.get('username', '').strip().lower()) password = str(request.params.get('username', '').strip()) if len(request.params) > 1 and username == password: request.environ['paste.auth_tkt.set_user'] (username) request.environ['REMOTE_USER'] = username session['user'] = username session.save() redirect_to(request.environ['HTTP_REFERER']) else: return Response(login_template) def signout(self): if request.environ['PATH_INFO'] == '/signout/': h.redirect_to('/signout') if not request.environ.has_key('REMOTE_USER'): return Response('You are not signed in') else: request.environ['paste.auth_tkt.logout_user']() del request.environ['REMOTE_USER'] del session['user'] session.save() return Response('You have been signed out') def public(self): return Response('This is public') @authorize(RemoteUser()) def private(self): return Response('This is private') 4. and I use the "default" (untouched) routes map file If I work without global security, only at method level (tested with public() and private() methods), commenting "authkit.authorize.middleware" line, all works great. But, with this style, I must to add security on all my controllers. And I'm very lazy 8-)). ¿Someone knows where's the problem? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---