You are probably going to want to subclass the normal LoginModule which has a cookie-based session system in it. It normally only checks the HTTP creds when you go to /login, after which point it creates a session token and hands it to you in a cookie.
--Noah > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Adam Edgar > Sent: Monday, June 21, 2010 2:19 PM > To: Trac Development > Subject: [Trac-dev] IAuthenticator > > I've been mucking around with writing an IAuthenticator class. The only > method I have to supply is "authenticate" Within our corporate > environment we use a "common logon" system that sets an encrypted > cookie > in the users browser. Our systems then grab said cookie and decrypt > using the public key which let's us know who the user is. I've been > able > to write "authenticate" but I'm a bit curious as to why it is called so > many times and whether or not there is a way to authenticate for an > entire active session. I don't want to waste CPU decrypting the cookie > each time the user navigates to a new page. Here's the code snippet: > > def authenticate(self, req): > if not req.incookie.has_key(self.secureCookie): > #after central login you will be bounced back here > req.redirect(self.logonServer + req.abs_href.login()) > return 'anonymous' > else: > username=self.decrypt(req.incookie[self.secureCookie]) > if username == "": > #expired cookie most likely > req.redirect(self.logonServer + req.abs_href.login()) > return 'anonymous' > return username > > I tried to check to see if "authname" was set but that seems to cause > infinite recursion. Ideally a session variable would store the > authenticated name the first time it was called and authenticate would > not be called anymore. Trac may not have done it this way because using > htpasswd always sends the authentication data with each page browse. > > ASE > > -- > You received this message because you are subscribed to the Google > Groups "Trac Development" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to trac- > [email protected]. > For more options, visit this group at > http://groups.google.com/group/trac-dev?hl=en. -- You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en.
