Re: AW: [Zope3-Users] efficiency of PAU authentication
On Tuesday 29 April 2008, nixon wrote: in app.publication.zopepublication.py there are 2 methods. Maybe they are invoked in different scenarios, I am not sure. But at least one PAU auth for each request. def callTraversalHooks(self, request, ob): # Call __before_publishing_traverse__ hooks notify(BeforeTraverseEvent(ob, request)) # This is also a handy place to try and authenticate. self._maybePlacefullyAuthenticate(request, ob) def afterTraversal(self, request, ob): #recordMetaData(object, request) self._maybePlacefullyAuthenticate(request, ob) callTraverslHooks is called after any new object has been traversed in the traversal process. See zope.publisher.base.BaseRequest.traverse. afterTraversal is called in zope.publisher.publish.publish after all traversal is done. So yes, you would see multiple attempts to authenticate. Zope cannot guess that you end up at the same place. As Roger suggestedm some caching might be good, if the credentials verification is expensive. Regards, Stephan -- Stephan Richter Web Software Design, Development and Training Google me. Zope Stephan Richter ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: AW: [Zope3-Users] efficiency of PAU authentication
I write some code to realize session-cache RDB authentication.
RDBPluggableAuthentication is a new PAU, which works well after my testing.
class RDBPluggableAuthentication(PluggableAuthentication):
new session-cache PluggableAuthentication
def authenticate(self, request):
authenticatorPlugins = [p for n, p in
self.getAuthenticatorPlugins()]
for name, credplugin in self.getCredentialsPlugins():
credentials = credplugin.extractCredentials(request)
for authplugin in authenticatorPlugins:
if authplugin is None:
continue
authplugin._v_sessdata =
ISession(request)['mn.authcache'] #in order to
get sessionData
return
authplugin.authenticateCredentials(credentials)
return None
def getPrincipal(self, id):
if not id.startswith(self.prefix):
next = queryNextUtility(self, IAuthentication)
if next is None:
raise PrincipalLookupError(id)
return next.getPrincipal(id)
raise PrincipalLookupError(id) #ok for groups checking, not
sure for other
invokers
class RDBAuthenticator(SQLexec):
select login, pwd, name, role from tuser where login=dtml-sqlvar
login
type=string;
implements(IAuthenticatorPlugin)
def __init__(self, prefix = ''):
self.prefix = prefix
self._v_sessdata = None
def authenticateCredentials(self, credentials):
if not (credentials and 'login' in credentials and 'password' in
credentials):
return
login, password = credentials['login'], credentials['password']
prin_cache = self._v_sessdata and
self._v_sessdata.get('principal', None)
if prin_cache and prin_cache.id[len(self.prefix):] == login and
getattr(prin_cache, 'pwd', None) == password:
return prin_cache
result = self.execute(self.__doc__, login=login)
if not result:
return
usr = result[0]
if password != usr.pwd.strip():
return
prin = RDBPrincipal(self.prefix + login, usr.name, usr.name)
prin.pwd = password
prin.groups.extend(usr.role.split(','))
self._v_sessdata['principal'] = prin
return prin
def principalInfo(self, id):
pass #no invoking from getPrincipal
class RDBPrincipal(Persistent, Principal):
groups = PersistentList()
--
View this message in context:
http://www.nabble.com/efficiency-of-PAU-authentication-tp16972305p17093684.html
Sent from the Zope3 - users mailing list archive at Nabble.com.
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] efficiency of PAU authentication
Hi, dear all, PAU authenticates 2 times each request, before and after traversal. What if I make an authentication plugin based on relational database? Everytime the plugin has to create a pricipal from database, assign roles to it, ... When the website is under heavy load, there must be huge number of authentication request. Is RDB based PAU efficient enough to do authentication? I have an idea of session-cache authentication: fetch credentials from RDB and cache them in session. Is this more efficient? Best Regards Nixon ___ 雅虎邮箱,您的终生邮箱! http://cn.mail.yahoo.com/___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
AW: [Zope3-Users] efficiency of PAU authentication
Hi Nixon Betreff: [Zope3-Users] efficiency of PAU authentication Hi, dear all, PAU authenticates 2 times each request, before and after traversal. Really? Can you explain why this happens? What if I make an authentication plugin based on relational database? Everytime the plugin has to create a pricipal from database, assign roles to it, ... When the website is under heavy load, there must be huge number of authentication request. Is RDB based PAU efficient enough to do authentication? I have an idea of session-cache authentication: fetch credentials from RDB and cache them in session. Is this more efficient? Yes, of corse, I recommend caching if you need to run a heavy loaded site. Regards Roger Ineichen Best Regards Nixon 雅虎邮箱,您的终生邮箱! http://cn.mail.yahoo.com/ ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: AW: [Zope3-Users] efficiency of PAU authentication
Hi, in app.publication.zopepublication.py there are 2 methods. Maybe they are invoked in different scenarios, I am not sure. But at least one PAU auth for each request. def callTraversalHooks(self, request, ob): # Call __before_publishing_traverse__ hooks notify(BeforeTraverseEvent(ob, request)) # This is also a handy place to try and authenticate. self._maybePlacefullyAuthenticate(request, ob) def afterTraversal(self, request, ob): #recordMetaData(object, request) self._maybePlacefullyAuthenticate(request, ob) - Original Message From: Roger Ineichen [EMAIL PROTECTED] To: nixon [EMAIL PROTECTED]; zope3-users@zope.org Sent: Wednesday, April 30, 2008 11:26:31 AM Subject: AW: [Zope3-Users] efficiency of PAU authentication Hi Nixon Betreff: [Zope3-Users] efficiency of PAU authentication Hi, dear all, PAU authenticates 2 times each request, before and after traversal. Really? Can you explain why this happens? What if I make an authentication plugin based on relational database? Everytime the plugin has to create a pricipal from database, assign roles to it, ... When the website is under heavy load, there must be huge number of authentication request. Is RDB based PAU efficient enough to do authentication? I have an idea of session-cache authentication: fetch credentials from RDB and cache them in session. Is this more efficient? Yes, of corse, I recommend caching if you need to run a heavy loaded site. Regards Roger Ineichen Best Regards Nixon 雅虎邮箱,您的终生邮箱! http://cn.mail.yahoo.com/ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
