I'm trying to set up a repoze.bfg application where users are allowed to
authenticate through the HTTP authentication mechanism.
I thought that using the built-in authentication policy
`RemoteUserAuthenticationPolicy` with the help of a middleware such as
`paste.auth.basic` would do the trick, but either I'm too stupid to figure out
how to configure all of this, or I need something else.
So, what I did is:
* set up the authentication policy in my configure.zcml::

  The callback is the following::

      def groups_user(user, request):
          if user in request.root['users']:
              return []  # The user is known, but it has no groups
          return None  # User unknown

Where `root['users']` is the ZODB dictionary which contains my users.
* I defined a forbidden view, which returns `webob.exc.HTTPUnauthorized`
(AFAIK, the default one is already doing the same)
* I configured the Paste middleware as such::

      use = egg:Paste#auth_basic

For reference, the `authfunc` receives `environ`, `username` and `password`
and is supposed to return `None` or the username if it can authenticate the

Now, I'm a bit stuck, since I want the auth function of Paste to do the same
thing as the callback function of the authentication policy, but I can't, since
I don't have access to the request and the ZODB.
I'm a bit confused and I didn't find much information on how to set this up. As
far as I understand the system now, it seems that I can't really use what I
described previously, and I need to write my own authentication policy. But I'm
not sure if and how I could reuse the work from `paste.auth.basic` (or another
one) to do this.
Did I do something wrong? Is there a better way to configure this?
Repoze-dev mailing list
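
The flow described in the message above, as an added example that is not part of the original post and is not repoze.bfg or Paste code: a password-checking `authfunc` and a `groups_user` callback that both read the same user store, so the middleware and the policy callback agree on who is known. `BasicAuthMiddleware`, `hash_password`, `whoami` and the in-memory `USERS` dict (standing in for the ZODB `root['users']` mapping) are hypothetical names and constructed data.

```python
import base64
import hashlib
import hmac

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store standing in for the post's root['users'] mapping.
USERS = {"alice": {"salt": b"demo-salt", "groups": [],
                   "hash": hash_password("s3cret", b"demo-salt")}}

def authfunc(environ, username, password):
    """Password check, called by the middleware with the post's three arguments."""
    user = USERS.get(username)
    # Hash even for unknown users so response time does not reveal valid names.
    salt = user["salt"] if user else b"dummy-salt"
    candidate = hash_password(password, salt)
    return user is not None and hmac.compare_digest(candidate, user["hash"])

def groups_user(user, request):
    """Policy callback: a list of groups for a known user, None for an unknown one."""
    record = USERS.get(user)
    return None if record is None else record["groups"]

class BasicAuthMiddleware:
    """Hypothetical stand-in for the Paste filter: sets REMOTE_USER or answers 401."""
    def __init__(self, app, realm, authfunc):
        self.app, self.realm, self.authfunc = app, realm, authfunc

    def __call__(self, environ, start_response):
        scheme, _, blob = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            except ValueError:  # malformed base64 or invalid UTF-8
                decoded = ""
            # Split on the first colon only: the password may contain colons.
            username, sep, password = decoded.partition(":")
            if sep and self.authfunc(environ, username, password):
                environ["REMOTE_USER"] = username
                return self.app(environ, start_response)
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", 'Basic realm="%s"' % self.realm),
            ("Content-Type", "text/plain")])
        return [b"Unauthorized"]

def whoami(environ, start_response):
    # Downstream application: reports the user the middleware authenticated.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ["REMOTE_USER"].encode()]
```

Wrapping an application as `BasicAuthMiddleware(whoami, "demo", authfunc)` leaves `REMOTE_USER` set only for requests whose credentials passed `authfunc`.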