Re: AW: [Zope3-Users] Disabling authentication for resources
On Thu, 2008-07-10 at 02:44 +0200, Roger Ineichen wrote: > I guess bypass the authentication process is not supported for > zope.Public protected objects. > > Zope does authenticate the user. And later it checks security > for the object based on that user (authorization). > > zope.Public is correct for public access, but it doesn't mean > the user get not authenticated. Remember authentication and > authorization are two different things. > > I'm not really sure. But I guess without authentication, > Zope doesn't know if even zope.Public is allowed for this > user because you can deny permissions. But I'm also not sure > without to introspect the code if zope.Public can set as deny. > > Hope that gives some hints for deep into the internals > of IAuthentication. If you need a simpler implementation, > take a look at z3c.authenticator. That's great, thanks Roger. That's a good point that authentication and authorization are different things. So, it would seem that there's no easy way to avoid the authentication process altogether, so I'll just hope that the overhead is not too great :-) Cheers, Andrew. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Disabling authentication for resources
Hi, I have couple of following settings in my etc\securitypolicy.zcml I didn't use zope.Public on my resource directories. still able to acess them. I use the older zope 3.3 zope instances. Not sure if this helps you. With regards, - Shailesh On Wed, Jul 9, 2008 at 5:44 PM, Roger Ineichen <[EMAIL PROTECTED]> wrote: > Hi Andrew > > > Betreff: Re: [Zope3-Users] Disabling authentication for resources > > [...] > > I guess bypass the authentication process is not supported for > zope.Public protected objects. > > Zope does authenticate the user. And later it checks security > for the object based on that user (authorization). > > zope.Public is correct for public access, but it doesn't mean > the user get not authenticated. Remember authentication and > authorization are two different things. > > I'm not really sure. But I guess without authentication, > Zope doesn't know if even zope.Public is allowed for this > user because you can deny permissions. But I'm also not sure > without to introspect the code if zope.Public can set as deny. > > Hope that gives some hints for deep into the internals > of IAuthentication. If you need a simpler implementation, > take a look at z3c.authenticator. > > > Regards > Roger Ineichen > > > > > On Tue, 2008-07-08 at 22:52 -0700, Shailesh Kumar wrote: > > > Did you try the resourceDirecotry ZCML directive? > > > > > > > > > > > name="js" > > > > > > directory="resource/js" > > > > > > layer=".interfaces.IBatonSkin" > > > > > > /> > > > that way they don't need the authentication overhead. > > > > Thanks for the replies, everyone. This is what I currently > > have as an example of a resource I'm fetching: > > > >> name="ajs" > > directory="ajs" > > layer="vortex.layer.IVortexBrowserLayer" > > permission="zope.Public" > > /> > > > > But if I try to access one of these resources directly from the web, > > e.g.: > > > > http://.../@@/ajs/gb_styles.css > > > > I still get my authentication code being called. I've tracked > > it down this far: > > > > (zope.app.publication:zope.publication.py) > > > > def _maybePlacefullyAuthenticate(self, request, ob): > > if not > > IUnauthenticatedPrincipal.providedBy(request.principal): > > # We've already got an authenticated user. > > There's nothing to do. > > # Note that beforeTraversal guarentees that user > > is not None. > > return > > > > if not ISite.providedBy(ob): > > # We won't find an authentication utility here, > > so give up. > > return > > > > sm = removeSecurityProxy(ob).getSiteManager() > > > > auth = sm.queryUtility(IAuthentication) > > if auth is None: > > # No auth utility here > > return > > > > # Try to authenticate against the auth utility > > principal = auth.authenticate(request)
AW: [Zope3-Users] Disabling authentication for resources
Hi Andrew > Betreff: Re: [Zope3-Users] Disabling authentication for resources [...] I guess bypass the authentication process is not supported for zope.Public protected objects. Zope does authenticate the user. And later it checks security for the object based on that user (authorization). zope.Public is correct for public access, but it doesn't mean the user get not authenticated. Remember authentication and authorization are two different things. I'm not really sure. But I guess without authentication, Zope doesn't know if even zope.Public is allowed for this user because you can deny permissions. But I'm also not sure without to introspect the code if zope.Public can set as deny. Hope that gives some hints for deep into the internals of IAuthentication. If you need a simpler implementation, take a look at z3c.authenticator. Regards Roger Ineichen > > On Tue, 2008-07-08 at 22:52 -0700, Shailesh Kumar wrote: > > Did you try the resourceDirecotry ZCML directive? > > > > > > > name="js" > > > > directory="resource/js" > > > > layer=".interfaces.IBatonSkin" > > > > /> > > that way they don't need the authentication overhead. > > Thanks for the replies, everyone. This is what I currently > have as an example of a resource I'm fetching: > > name="ajs" > directory="ajs" > layer="vortex.layer.IVortexBrowserLayer" > permission="zope.Public" > /> > > But if I try to access one of these resources directly from the web, > e.g.: > > http://.../@@/ajs/gb_styles.css > > I still get my authentication code being called. I've tracked > it down this far: > > (zope.app.publication:zope.publication.py) > > def _maybePlacefullyAuthenticate(self, request, ob): > if not > IUnauthenticatedPrincipal.providedBy(request.principal): > # We've already got an authenticated user. > There's nothing to do. > # Note that beforeTraversal guarentees that user > is not None. > return > > if not ISite.providedBy(ob): > # We won't find an authentication utility here, > so give up. > return > > sm = removeSecurityProxy(ob).getSiteManager() > > auth = sm.queryUtility(IAuthentication) > if auth is None: > # No auth utility here > return > > # Try to authenticate against the auth utility > principal = auth.authenticate(request)
Re: [Zope3-Users] Disabling authentication for resources
Hi All, On Tue, 2008-07-08 at 22:52 -0700, Shailesh Kumar wrote: > Did you try the resourceDirecotry ZCML directive? > > > name="js" > > directory="resource/js" > > layer=".interfaces.IBatonSkin" > > /> > that way they don't need the authentication overhead. Thanks for the replies, everyone. This is what I currently have as an example of a resource I'm fetching: But if I try to access one of these resources directly from the web, e.g.: http://.../@@/ajs/gb_styles.css I still get my authentication code being called. I've tracked it down this far: (zope.app.publication:zope.publication.py) def _maybePlacefullyAuthenticate(self, request, ob): if not IUnauthenticatedPrincipal.providedBy(request.principal): # We've already got an authenticated user. There's nothing to do. # Note that beforeTraversal guarentees that user is not None. return if not ISite.providedBy(ob): # We won't find an authentication utility here, so give up. return sm = removeSecurityProxy(ob).getSiteManager() auth = sm.queryUtility(IAuthentication) if auth is None: # No auth utility here return # Try to authenticate against the auth utility principal = auth.authenticate(request)
Re: [Zope3-Users] OOBtrees & ZODB
On Wed, 2008-07-09 at 08:39 -0500, Randy Crafton wrote: > Folder uses an OOBTree to store it's data, so it should be ok. Thanks. I believe that solves my issue. :-) > But if you want to use BTreeContainer and have it work as a Site, you > just have the mix the two together in a custom container class: Is there some advantage to jumping through that hoop? I just want to be sure that my container will be able to handle a large (20,000+) number of objects. Cheers, Tim -- ** Join the OSHIP project. It is the standards based, open source healthcare application platform in Python. Home page: https://launchpad.net/oship/ Wiki: http://www.openehr.org/wiki/display/dev/Python+developer%27s+page ** signature.asc Description: This is a digitally signed message part ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: buildout z3ext Error
Hi, ok change python2.4 to python2.5. but I get errors. I have installed setuptools-0.6c8, but z3ext installs setuptools-0.6c7-py2.5.egg. I have had other problems in others modules because they wore the setuptools-0.6c7. It was resolved with the version 0.6c8 (sorry for my english) $python2.5 ./bootstrap.py $./bin/buildout ... ... Getting distribution for 'zope.i18nmessageid==3.4.3'. Traceback (most recent call last): File "", line 1, in File "/usr/lib/python2.5/site-packages/easy_install.py", line 1670, in main File "/usr/lib/python2.5/site-packages/easy_install.py", line 1659, in with_ei_usage File "/usr/lib/python2.5/site-packages/easy_install.py", line 1674, in File "/usr/lib/python2.5/distutils/core.py", line 151, in setup dist.run_commands() File "/usr/lib/python2.5/distutils/dist.py", line 974, in run_commands self.run_command(cmd) File "/usr/lib/python2.5/distutils/dist.py", line 994, in run_command cmd_obj.run() File "/usr/lib/python2.5/site-packages/easy_install.py", line 211, in run File "/usr/lib/python2.5/site-packages/easy_install.py", line 427, in easy_install File "/usr/lib/python2.5/site-packages/easy_install.py", line 471, in install_item File "/usr/lib/python2.5/site-packages/easy_install.py", line 655, in install_eggs File "/usr/lib/python2.5/site-packages/easy_install.py", line 930, in build_and_install File "/usr/lib/python2.5/site-packages/easy_install.py", line 919, in run_setup File "build/bdist.linux-i686/egg/setuptools/sandbox.py", line 27, in run_setup File "build/bdist.linux-i686/egg/setuptools/sandbox.py", line 63, in run File "build/bdist.linux-i686/egg/setuptools/sandbox.py", line 29, in File "setup.py", line 61, in 'zope.traversing', File "/usr/lib/python2.5/distutils/core.py", line 151, in setup dist.run_commands() File "/usr/lib/python2.5/distutils/dist.py", line 974, in run_commands self.run_command(cmd) File "/usr/lib/python2.5/distutils/dist.py", line 994, in run_command cmd_obj.run() File "/home/share/Almacen/Instaladores-Linux/cversiones/svn/z3ext/eggs/setuptools-0.6c7-py2.5.egg/setuptools/command/bdist_egg.py", line 174, in run File "/home/share/Almacen/Instaladores-Linux/cversiones/svn/z3ext/eggs/setuptools-0.6c7-py2.5.egg/setuptools/command/bdist_egg.py", line 161, in call_command File "/usr/lib/python2.5/distutils/cmd.py", line 333, in run_command self.distribution.run_command(command) File "/usr/lib/python2.5/distutils/dist.py", line 994, in run_command cmd_obj.run() File "/home/share/Almacen/Instaladores-Linux/cversiones/svn/z3ext/eggs/setuptools-0.6c7-py2.5.egg/setuptools/command/install_lib.py", line 20, in run File "/usr/lib/python2.5/distutils/command/install_lib.py", line 112, in build self.run_command('build_ext') File "/usr/lib/python2.5/distutils/cmd.py", line 333, in run_command self.distribution.run_command(command) File "/usr/lib/python2.5/distutils/dist.py", line 994, in run_command cmd_obj.run() File "/home/share/Almacen/Instaladores-Linux/cversiones/svn/z3ext/eggs/setuptools-0.6c7-py2.5.egg/setuptools/command/build_ext.py", line 46, in run File "/usr/lib/python2.5/distutils/command/build_ext.py", line 290, in run self.build_extensions() File "/usr/lib/python2.5/site-packages/Pyrex/Distutils/build_ext.py", line 82, in build_extensions self.build_extension(ext) * File "/home/share/Almacen/Instaladores-Linux/cversiones/svn/z3ext/eggs/setuptools-0.6c7-py2.5.egg/setuptools/command/build_ext.py", line 175, in build_extension* File "/usr/lib/python2.5/distutils/command/build_ext.py", line 453, in build_extension sources = self.swig_sources(sources, ext) * File "/home/share/Almacen/Instaladores-Linux/cversiones/svn/z3ext/eggs/setuptools-0.6c7-py2.5.egg/setuptools/command/build_ext.py", line 77, in swig_sources* *TypeError: swig_sources() takes exactly 3 arguments (2 given)* An error occured when trying to install zope.i18nmessageid 3.4.3.Look above this message for any errors thatwere output by easy_install. While: Installing. Getting section logs. Initializing section logs. Installing recipe lovely.recipe. Getting distribution for 'zope.i18nmessageid==3.4.3'. Error: Couldn't install: zope.i18nmessageid 3.4.3 On Mon, Jul 7, 2008 at 10:53 PM, Nikolay Kim <[EMAIL PROTECTED]> wrote: > z3ext packages a bit outdated, but trunk is pretty stable > you can try this > > svn co > https://z3ext.svn.sourceforge.net/svnroot/z3ext/Sandbox/fairwinds/z3extdev > cd z3extdev > python2.5 ./bootstrap.py > ./bin/buildout > ./bin/app > > > but error you've got is related to zope3. do you able build zope3 > standalone? > > > -- _\|/_ (O-O) --oOO-(_)-OOo Hector Miuler Malpica Gallegos Universidad Nacional del Callao - Peru Escuela de Ingenieria Electronica usuario registrado #308608 ___ Zope3-users mailing list Zope3-users@zope.org http:
Re: [Zope3-Users] Disabling authentication for resources
On Tuesday 08 July 2008, andrew wrote: > I've got a web application that uses pluggable authentication, but I > don't want the overhead of authentication for public resources like CSS, > javascript, images, etc. Is it possible to just disable authentication > for a given resource ? I tried just setting the permission to zope.View, > but that didn't seem to make any difference. You have to set the permission to zope.Public. It is a special permission that, when seen, bypasses the security context lookup. Regards, Stephan -- Stephan Richter Web Software Design, Development and Training Google me. "Zope Stephan Richter" ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] OOBtrees & ZODB
Folder uses an OOBTree to store it's data, so it should be ok. But if you want to use BTreeContainer and have it work as a Site, you just have the mix the two together in a custom container class: from zope.app.container.interfaces import IContainer from zope.app.component.interfaces import IPossibleSite class IMyFolder(IContainer, IPossibleSite): """My Custom Container""" from zope.app.component.site import SiteManagerContainer from zope.app.container import btree class MyFolder(SiteManagerContainer, btree.BTreeContainer): zope.interface.implements(IMyFolder) Then the following should work: if 'AR' not in root['Application']: root['Application']['AR']=MyFolder() sm = LocalSiteManager(root['Application']['AR']) root['Application']['AR'].setSiteManager(sm) transaction.commit() Randy On Tue, Jul 8, 2008 at 11:10 AM, Tim Cook <[EMAIL PROTECTED]> wrote: > I am building a platform where I want to initialize the ZODB (that will > be running under Zope) with three folders with sitemanagers. > > If I use Folders like this: > > if 'AR' not in root['Application']: >root['Application']['AR']=folder.Folder() >sm = LocalSiteManager(root['Application']['AR']) >root['Application']['AR'].setSiteManager(sm) >transaction.commit() > > it works great and I can then add initial objects to the folders. > > But, these folder sill potentially contain tens of thousands of objects > so I really want to use BTree Folders. But when I do this: > > from zope.app.container.btree import BTreeContainer > > ... > > if 'AR' not in root['Application']: >root['Application']['AR']=BTreeContainer() >sm = LocalSiteManager(root['Application']['AR']) >root['Application']['AR'].setSiteManager(sm) >transaction.commit() > > I get this: > > File > "/home/tim/projects/ref_impl_python/TRUNK/oship/src/oship/atbldr/atbldr.py", > line 78, in ? >root['Application']['AR'].setSiteManager(sm) > AttributeError: 'BTreeContainer' object has no attribute > 'setSiteManager' > > So BtreeContainers don't have a siteManager. > > I would like to OOBTree but I have been unable to even discern the > proper way to import it. > > Thanks. > > Tim > > > > > > -- > Timothy Cook, MSc > Health Informatics Research & Development Services > LinkedIn Profile:http://www.linkedin.com/in/timothywaynecook > Skype ID == timothy.cook > ** > *You may get my Public GPG key from popular keyservers or * > *from this link http://timothywayne.cook.googlepages.com/home* > ** > > ___ > Zope3-users mailing list > Zope3-users@zope.org > http://mail.zope.org/mailman/listinfo/zope3-users > > ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users