Hello, I'm trying setup a repoze.bfg application where users are allowed to authenticate through the HTTP authentication mechanism.
I thought that using the built-in authentication policy `RemoteUserAuthenticationPolicy` with the help of a middleware such as `paste.auth.basic` would do the trick, but either I'm too stupid to figure out how to configure all of this, or I need something else. So, what I did is: * setup the authentication policy in my configure.zcml:: <remoteuserauthenticationpolicy environ_key="REMOTE_USER" callback=".security.groups_user" /> The callback is the following:: def groups_user(user, request): if user in request.root['users']: return [] # The user is known, but it has no groups else: return None # User unknown Where `root['users']` is the ZODB dictionary which contains my users. * I defined a forbidden view, which returns `webob.exc.HTTPUnauthorized` (AFAIK, the default one is already doing the same) * I configured the Paste middleware as such:: [filter:grant] use = egg:Paste#auth_basic realm=foo authfunc=app.security:http_auth For reference, the `authfunc` receives `environ`, `username` and `password` and is suppose to return `None` or the username if it can authenticate the user. Now, I'm a bit stuck, since I want the auth function of Paste to do the same thing as the callback function of the authentication policy, but I can't, since I don't have access to the request and the ZODB. I'm a bit confused and I didn't find much informations on how to set this up. As far as I understand the system now, it seems that I can't really use what I described previously, and I need to write my own authentication policy. But I'm not sure if and how I could reuse the work from `paste.auth.basic` (or another one) to do this. Did I do something wrong? Is there a better way to configure this? Thanks, Jonathan _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev