Hermann Himmelbauer wrote: > Hi, > After thoroughly studying Philipp's book and the PAU-doctests, I > unfortunately > still have no clue how to do my authentication. My (simple) scenario is the > following: > > - I wrote a Zope package that can be added as a site > - I have one Zope instance with several of these sites > - Users should authenticate site-specific, e.g. users that authenticated for > site A should not automatically be authenticated for site B and never for the > Zope root > - I want to use Session Credentials > - I wrote an authenticator plug-in for an existing relational database that > looks like this: > > class PasswdAuthenticator(Persistent): > implements(IPasswd, IAuthenticatorPlugin, ILocation) > __parent__ = __name__ = None > > def authenticateCredentials(self, credentials): > if not (credentials and 'login' in credentials and > 'password' in credentials): > return > login, password = credentials['login'], credentials['password'] > if relation_db_check(login,passwd): > return PrincipalInfo() > > Now I have to glue all this together, but how? > > Do I need a local, site specific PAU? If yes, how do I create/store one > without the ZMI? I want that to automatically be done during site creation, > e.g. via a subscriber (I have already one that builds the basic site > structure). Probably a PAU is created like this: > > pau = zope.app.authentication.PluggableAuthentication('myprefix_') > > But - how do I add this to my site manager then? Have the prefixes to be > different for every PAU that are located in the different sites? > > How do I enable Session Credentials, or are they already enabled? > > And - how do I tell the PAU to use my authentication utility, perhaps I have > to create one and somehow place it into the PAU, as it's a container? Or > should I register it as a local utility? Or as a global utility? In case of a > utility, the Authenticator Plugin probably does not have to inherit from > persistent.Persistent? > > Moreover Philipp's book states that available plug-ins need to be configured > but I don't know to do this without the ZMI? > > Best Regards, > Hermann >
Hi Hermann, I do it roughly like this - but, in my experience there's usually a better way of doing things than whatever way I choose :-) It answers some of your questions... from zope.app.authentication.authentication import PluggableAuthentication from zope.app.security.interfaces import IAuthentication from zope.app.authentication.principalfolder import PrincipalFolder from zope.app.authentication.interfaces import IAuthenticatorPlugin # My event subscriber will be passed a reference to the site object # from which we can get the sitemanager sitemanager = event.object.getSiteManager() pau = PluggableAuthentication() sitemanager['PAU'] = pau sitemanager.registerUtility(pau, IAuthentication) # Tell the PAU which sort of credentials we want to use pau.credentialsPlugins = (u'Session Credentials') # make whatever authenticatorPlugin we want users = PrincipalFolder() users.prefix = u'users.' pau[u'users'] = users # get the current list of authenticator plugins, add users and reset aplugins = list(pau.authenticatorPlugins) aplugins.append(u'users') pau.authenticatorPlugins = aplugins Cheers, Rupert _______________________________________________ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users