As I read the repoze.who and repoze.what documentation, there is a mountain of detail and how-to, but I just can't seem to get the big picture of how repoze.who, repoze.what, and Pylons interact. I plan an application that needs both authentication (through Kerberos) and authorization.
Can someone please enlighten me about a few basic questions? If these answers are somewhere on the Web, I haven't been able to find them. 1. What is the relationship between repoze.who and repoze.what? The documentation for each never mentions the other. If I'm doing both authentication and authorization, do I use both, or does .what include the functionality of .who? Do I want both in my WSGI pipeline or just .what? 2. Can any WSGI layer present pages using the templates and forms in the application layer? If the authentication layer needs to present a login form, I would like it to have the same look and feel as the other pages my application will present. Or does it just notify the application to present the login form? 3. What is the life cycle of a request through all the layers for these three scenarios? The docs tell me a lot about what each layer can do to the request and the response, but they're vague about what kinds of requests should get passed through and which ones should be modified by each layer. 3a. A new user is challenged, enters correct values on the login form, and then requests a page that is restricted to authenticated users, and the application renders it. 3b. A user has already authenticated, and their browser has one of our cookies, and they request a restricted page, and the application renders it. 3c. A user fails login, and then requests an unrestricted page, which unauthenticated users are allowed to see, and the application renders it. 4. I like Blackboard's look and feel: all their pages look the same, and each one has either a 'Login' link or a 'Logout' link in the top right corner, depending on whether you are logged in at the time. How does the template know which link to present? If there isn't currently anything online that discusses these big- picture details, I'd be happy to write one, once I understand it well enough. Is there a Repoze book in process? There is a book about something called Repoze.bfg, of which I'd never heard until I searched Amazon books for "repoze" three minutes ago. Is anyone using that? Does it play nicely with Pylons? -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
