I've been trying to figure out how to affect the order in which these
prerun hooks are processed, and it's escaping me. For now, I just have
to settle to let the runmodes that have no real authz restrictions to
not even be protected (e.g., landing pages) and to just be okay with
those authz pages t
On Thu, Jun 14, 2012 at 10:12:40AM +1000, Cees Hek wrote:
> Hi Brett,
>
> Authorization is not purely related to authentication. For example
> you could authorize access based on an IP Address, or based on the
> time of the day. So we can't automatically decline a request just
> because they are
Hi Brett,
Authorization is not purely related to authentication. For example
you could authorize access based on an IP Address, or based on the
time of the day. So we can't automatically decline a request just
because they are not logged in.
But as you say, your authentication checks should hav
On Wed, Jun 13, 2012 at 02:58:28PM -0500, B. Estrade wrote:
> I am finding that if I have a runmode that is protected via
> authentication and authorization, the authen doesn't happen before the
> authz is validated.
>
> In otherwords, I want a authen to happen first; if it fails, redirect
> to th
I am finding that if I have a runmode that is protected via
authentication and authorization, the authen doesn't happen before the
authz is validated.
In otherwords, I want a authen to happen first; if it fails, redirect
to the login. If authen is okay, proceseed to authz.
Right now I have this u
