On Thu, 2008-07-10 at 02:44 +0200, Roger Ineichen wrote: > I guess bypass the authentication process is not supported for > zope.Public protected objects. > > Zope does authenticate the user. And later it checks security > for the object based on that user (authorization). > > zope.Public is correct for public access, but it doesn't mean > the user get not authenticated. Remember authentication and > authorization are two different things. > > I'm not really sure. But I guess without authentication, > Zope doesn't know if even zope.Public is allowed for this > user because you can deny permissions. But I'm also not sure > without to introspect the code if zope.Public can set as deny. > > Hope that gives some hints for deep into the internals > of IAuthentication. If you need a simpler implementation, > take a look at z3c.authenticator.
That's great, thanks Roger. That's a good point that authentication and authorization are different things. So, it would seem that there's no easy way to avoid the authentication process altogether, so I'll just hope that the overhead is not too great :-) Cheers, Andrew. _______________________________________________ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users