Re: AW: [Zope3-Users] efficiency of PAU authentication
On Tuesday 29 April 2008, nixon wrote: in app.publication.zopepublication.py there are 2 methods. Maybe they are invoked in different scenarios, I am not sure. But at least one PAU auth for each request. def callTraversalHooks(self, request, ob): # Call __before_publishing_traverse__ hooks notify(BeforeTraverseEvent(ob, request)) # This is also a handy place to try and authenticate. self._maybePlacefullyAuthenticate(request, ob) def afterTraversal(self, request, ob): #recordMetaData(object, request) self._maybePlacefullyAuthenticate(request, ob) callTraverslHooks is called after any new object has been traversed in the traversal process. See zope.publisher.base.BaseRequest.traverse. afterTraversal is called in zope.publisher.publish.publish after all traversal is done. So yes, you would see multiple attempts to authenticate. Zope cannot guess that you end up at the same place. As Roger suggestedm some caching might be good, if the credentials verification is expensive. Regards, Stephan -- Stephan Richter Web Software Design, Development and Training Google me. Zope Stephan Richter ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: AW: [Zope3-Users] efficiency of PAU authentication
I write some code to realize session-cache RDB authentication. RDBPluggableAuthentication is a new PAU, which works well after my testing. class RDBPluggableAuthentication(PluggableAuthentication): new session-cache PluggableAuthentication def authenticate(self, request): authenticatorPlugins = [p for n, p in self.getAuthenticatorPlugins()] for name, credplugin in self.getCredentialsPlugins(): credentials = credplugin.extractCredentials(request) for authplugin in authenticatorPlugins: if authplugin is None: continue authplugin._v_sessdata = ISession(request)['mn.authcache'] #in order to get sessionData return authplugin.authenticateCredentials(credentials) return None def getPrincipal(self, id): if not id.startswith(self.prefix): next = queryNextUtility(self, IAuthentication) if next is None: raise PrincipalLookupError(id) return next.getPrincipal(id) raise PrincipalLookupError(id) #ok for groups checking, not sure for other invokers class RDBAuthenticator(SQLexec): select login, pwd, name, role from tuser where login=dtml-sqlvar login type=string; implements(IAuthenticatorPlugin) def __init__(self, prefix = ''): self.prefix = prefix self._v_sessdata = None def authenticateCredentials(self, credentials): if not (credentials and 'login' in credentials and 'password' in credentials): return login, password = credentials['login'], credentials['password'] prin_cache = self._v_sessdata and self._v_sessdata.get('principal', None) if prin_cache and prin_cache.id[len(self.prefix):] == login and getattr(prin_cache, 'pwd', None) == password: return prin_cache result = self.execute(self.__doc__, login=login) if not result: return usr = result[0] if password != usr.pwd.strip(): return prin = RDBPrincipal(self.prefix + login, usr.name, usr.name) prin.pwd = password prin.groups.extend(usr.role.split(',')) self._v_sessdata['principal'] = prin return prin def principalInfo(self, id): pass #no invoking from getPrincipal class RDBPrincipal(Persistent, Principal): groups = PersistentList() -- View this message in context: http://www.nabble.com/efficiency-of-PAU-authentication-tp16972305p17093684.html Sent from the Zope3 - users mailing list archive at Nabble.com. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] efficiency of PAU authentication
Hi, dear all, PAU authenticates 2 times each request, before and after traversal. What if I make an authentication plugin based on relational database? Everytime the plugin has to create a pricipal from database, assign roles to it, ... When the website is under heavy load, there must be huge number of authentication request. Is RDB based PAU efficient enough to do authentication? I have an idea of session-cache authentication: fetch credentials from RDB and cache them in session. Is this more efficient? Best Regards Nixon ___ 雅虎邮箱,您的终生邮箱! http://cn.mail.yahoo.com/___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
AW: [Zope3-Users] efficiency of PAU authentication
Hi Nixon Betreff: [Zope3-Users] efficiency of PAU authentication Hi, dear all, PAU authenticates 2 times each request, before and after traversal. Really? Can you explain why this happens? What if I make an authentication plugin based on relational database? Everytime the plugin has to create a pricipal from database, assign roles to it, ... When the website is under heavy load, there must be huge number of authentication request. Is RDB based PAU efficient enough to do authentication? I have an idea of session-cache authentication: fetch credentials from RDB and cache them in session. Is this more efficient? Yes, of corse, I recommend caching if you need to run a heavy loaded site. Regards Roger Ineichen Best Regards Nixon 雅虎邮箱,您的终生邮箱! http://cn.mail.yahoo.com/ ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: AW: [Zope3-Users] efficiency of PAU authentication
Hi, in app.publication.zopepublication.py there are 2 methods. Maybe they are invoked in different scenarios, I am not sure. But at least one PAU auth for each request. def callTraversalHooks(self, request, ob): # Call __before_publishing_traverse__ hooks notify(BeforeTraverseEvent(ob, request)) # This is also a handy place to try and authenticate. self._maybePlacefullyAuthenticate(request, ob) def afterTraversal(self, request, ob): #recordMetaData(object, request) self._maybePlacefullyAuthenticate(request, ob) - Original Message From: Roger Ineichen [EMAIL PROTECTED] To: nixon [EMAIL PROTECTED]; zope3-users@zope.org Sent: Wednesday, April 30, 2008 11:26:31 AM Subject: AW: [Zope3-Users] efficiency of PAU authentication Hi Nixon Betreff: [Zope3-Users] efficiency of PAU authentication Hi, dear all, PAU authenticates 2 times each request, before and after traversal. Really? Can you explain why this happens? What if I make an authentication plugin based on relational database? Everytime the plugin has to create a pricipal from database, assign roles to it, ... When the website is under heavy load, there must be huge number of authentication request. Is RDB based PAU efficient enough to do authentication? I have an idea of session-cache authentication: fetch credentials from RDB and cache them in session. Is this more efficient? Yes, of corse, I recommend caching if you need to run a heavy loaded site. Regards Roger Ineichen Best Regards Nixon 雅虎邮箱,您的终生邮箱! http://cn.mail.yahoo.com/ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users