[Zope-PAS] Re: plonePAS and JAX-WS

2006-08-25 Thread Zachery Bir

On Aug 25, 2006, at 10:17 AM, Tres Seaver wrote:


Zachery Bir wrote:

On Aug 25, 2006, at 5:40 AM, Jens Vagelpohl wrote:


On 25 Aug 2006, at 05:47, Serge Zagorac wrote:


Hi All

Is there any way or example how to  configure plonePAS to  
consume a web
service  (in my case JAX-WS via SOAP ) in order to get user  
details?


This won't be a configuration issue, it will be a coding issue. You
don't mention specifically what consume a web service means,  
but you

might be able to put together a Scriptable Multiplugin or write your
own filesystem-based plugin to do the job.

However, there is one big caveat. Making HTTP calls (or almost any
other network request) out of Zope code during the execution of a  
web

request is risky. The executing thread will wait until the external
request has been answered, and if for whatever reason no answer is
received it will hang forever. There are four threads available in a
normal Zope configuration, the fourth time this happens your website
will be unavailable and Zope must be restarted. A lot of care  
needs to
be taken to ensure there are sensible timeouts on these external  
calls

to prevent hangs.


You can get around it, though, if you use something like Zasync. A  
bit

heavy-handed, but it's there for ya. :^)


You can't authenticate asynchronously -- the original request is  
stalled

untill the out-of-process call returns, and there is no way to release
the thread / connection pool it is using.


Well, fine. Bring you reality into it. ;^)

Zac

___
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas


Re: [Zope-PAS] Domainauth

2006-06-22 Thread Zachery Bir

On Jun 22, 2006, at 3:25 AM, Janko Hauser wrote:

Hello, I'm trying to setup a domain based authentication. The  
situation is, that there is already a cookie-based authentication.  
Additionally we want to enable a direct login for some specific  
domains. Is this at all possible? I added a Domain Auth Plugin and  
activated it as the authentication plugin. Then I changed the order  
for this interface, so that Domain Auth is on top. But a request  
from such a domain get's an unauthorized and is redirected to the  
normal login page.


Is there something more needed? I tried with the exact IP and with  
an endswith match for the domain name.


What do I miss?


(It's been a long time since the DomainAuthHelper was created,  
forgive me if I'm slow)


Are you using mod_rewrite by any chance? You may need to turn on X- 
Forwarded-For (I forget the exact header), since in the default case,  
REMOTE_HOST is usually the Apache instance in such a setup.


Zac

___
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas


[Zope-Checkins] SVN: Zope/trunk/utilities/tracelog.py Typos and provide proper help text for --html option.

2006-05-05 Thread Zachery Bir
Log message for revision 67995:
  Typos and provide proper help text for --html option.
  

Changed:
  U   Zope/trunk/utilities/tracelog.py

-=-
Modified: Zope/trunk/utilities/tracelog.py
===
--- Zope/trunk/utilities/tracelog.py2006-05-05 15:37:11 UTC (rev 67994)
+++ Zope/trunk/utilities/tracelog.py2006-05-05 17:03:08 UTC (rev 67995)
@@ -284,10 +284,10 @@
 print tr
 print 'thMinute/th'
 print 'thRequests/th'
-print 'thResquests inputing/th'
-print 'thResquests executing or waiting/th'
-print 'thResquests outputing/th'
-print 'thResquests completed/th'
+print 'thRequests inputing/th'
+print 'thRequests executing or waiting/th'
+print 'thRequests outputing/th'
+print 'thRequests completed/th'
 print 'thMean Seconds Per Request Total/th'
 print 'thMean Seconds Per Request in App/th'
 print /tr
@@ -444,8 +444,7 @@
 )
 parser.add_option(--html, dest='html', action='store_true',
   help=
-The name of an event log that goes with the trace log.  This is used
-to determine when the server is restarted, so that the running trace data 
structures can be reinitialized.
+Generate HTML output.
 )
 parser.add_option(--remove-prefix, dest='remove_prefix',
   help=

___
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins


[Zope-dev] Curious about age old WebDAV decisions...

2005-12-28 Thread Zachery Bir
I've got a Folder (indirection) and a DTML Method (found) in the root  
of a Zope site. HEAD requests fail on the indirected DTML Method due  
to OFS.ObjectManager's __getitem__ method:


def __getitem__(self, key):
import pdb;pdb.set_trace()
v=self._getOb(key, None)
if v is not None: return v
if hasattr(self, 'REQUEST'):
request=self.REQUEST
method=request.get('REQUEST_METHOD', 'GET')
if request.maybe_webdav_client and not method in ('GET',  
'POST'):

return NullResource(self, key, request).__of__(self)
raise KeyError, key

I wasn't around during the development of the WebDAV code, so I'm  
loathe to just jump in and start changing things, but why isn't  
'HEAD' exempted from the NullResource as well, given that HTTP specs  
state that HEAD *must* return the same headers that a GET would  
provide (ignoring for the moment the Collector issue thread over  
whether HEAD should provide the length of the source of a document or  
its fully rendered content - let's just try to make sure both methods  
work on the *same object*). What was the reasoning behind the  
decision? These changes happened way back in the Dark Ages (late  
March 1999 or so, earlier in the month, this code was added to  
OFS.Folder with the initial WebDAV support). A trip through the  
WayBackMachine™ shows no discussion in the Zope-dev lists in early  
1999 when this was being worked on, and no real mention of WebDAV in  
Zope for most of the rest of that year (on Zope-dev or the general  
Zope list). Am I mistaking this for a problem?


  ~
  [EMAIL PROTECTED] $ curl http://localhost:2277/found
  hello~
  [EMAIL PROTECTED] $ curl http://localhost:2277/indirection/found
  hello~
  [EMAIL PROTECTED] $ curl -I http://localhost:2277/found
  HTTP/1.1 200 OK
  Server: Apache
  Date: Wed, 28 Dec 2005 18:59:58 GMT
  Last-Modified: Wed, 28 Dec 2005 18:54:07 GMT
  Accept-Ranges: none
  Content-Type: text/html
  Content-Length: 5

  ~
  [EMAIL PROTECTED] $ curl -I http://localhost:2277/indirection/found
  HTTP/1.1 404 Not Found
  Server: Apache
  Date: Wed, 28 Dec 2005 19:00:10 GMT
  Bobo-Exception-Line: 63
  Content-Length: 891
  Bobo-Exception-Value: See the server error log for details
  Content-Type: text/html
  Accept-Ranges: none
  Bobo-Exception-File: NullResource.py
  Bobo-Exception-Type: NotFound

Thanks,

Zac

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] Re: Directory structure on svn.zope.org

2005-12-27 Thread Zachery Bir

On Dec 27, 2005, at 9:57 AM, Zachery Bir wrote:


Let's keep the SVN repo structure as flat as possible.

Note that I think a project's name should be the dotted name of the
Python package (if one such package exists), so it should be

  Products.CompositePage/
  Products.PluginRegistry/
  Products.PluggableAuthService/
  Products.Zelenium/

instead of

  CompositePage/
  PluginRegistry/
  PluggableAuthService/
  Zelenium/


+1


(er, that was to Philipp's idea, not Andreas')

Zac

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )


[Zope-Annce] [ANN] PluggableAuthService 1.1b2

2005-07-14 Thread Zachery Bir

I'm pleased to announce another beta release of PluggableAuthService.

PluggableAuthService is a highly extensible replacement user folder
for Zope 2. It can manage users, groups, roles, and properties.

Summary

  PluggableAuthService is a highly extensible replacement user folder
  for Zope 2. It can manage arbitrary user, group, role, and property
  definitions with ease, and works best in very heterogeneous
  environments (users stored in MySQL, groups in LDAP, properties from
  the filesystem, c).

  For authentication, it supports HTTP Basic Auth, Cookie Auth, Domain
  Auth, and others, and can be extended to support just about any other
  mechanism.

Changes in this version

  - Fixed a template bug in the plugin activation form.

You can download the source in tarball or zip format from:

  http://www.zope.org/Members/urbanape/PluggableAuthService/ 
PluggableAuthService-1.1b2/PluggableAuthService-1.1b2.tar.gz
  http://www.zope.org/Members/urbanape/PluggableAuthService/ 
PluggableAuthService-1.1b2/PluggableAuthService-1.1b2.zip


Thanks,

Zachery Bir

___
Zope-Announce maillist  -  Zope-Announce@zope.org
http://mail.zope.org/mailman/listinfo/zope-announce

 Zope-Announce for Announcements only - no discussions

(Related lists - 
Users: http://mail.zope.org/mailman/listinfo/zope

Developers: http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope-PAS] PluggableAuthService 1.1b2 released

2005-07-14 Thread Zachery Bir

I'm pleased to announce another beta release of PluggableAuthService.

PluggableAuthService is a highly extensible replacement user folder
for Zope 2. It can manage users, groups, roles, and properties.

Summary

 PluggableAuthService is a highly extensible replacement user folder
 for Zope 2. It can manage arbitrary user, group, role, and property
 definitions with ease, and works best in very heterogeneous
 environments (users stored in MySQL, groups in LDAP, properties from
 the filesystem, c).

 For authentication, it supports HTTP Basic Auth, Cookie Auth, Domain
 Auth, and others, and can be extended to support just about any other
 mechanism.

Changes in this version

 - Fixed a template bug in the plugin activation form.

You can download the source in tarball or zip format from:

 
http://www.zope.org/Members/urbanape/PluggableAuthService/PluggableAuthService-1.1b2/PluggableAuthService-1.1b2.tar.gz




http://www.zope.org/Members/urbanape/PluggableAuthService/PluggableAuthService-1.1b2/PluggableAuthService-1.1b2.zip

Thanks,

Zachery 


Bir


___
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas


[Zope-PAS] PluginRegistry needs the same work...

2005-07-08 Thread Zachery Bir
So, it looks like PluginRegistry (a product that PAS depends on) will
need the same kinds of Interface adjustments to make it work in the
bridged manner that PAS now has. I'll be working on this today, and
hopefully cut a new release of PluginRegistry.

Zac

___
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas


[Zope-Annce] [ANN] ZopeEditManger 0.9.6 Released

2005-06-22 Thread Zachery Bir

I'm pleased to announce the release of ZopeEditManager 0.9.6.

ZopeEditManager is a native Cocoa application that provides  
ExternalEditor functionality for Mac OS X users. Written using the  
PyObjC bindings, it extends the original work done by Casey Duncan,  
and makes it possible for Mac users to get the most out of this  
incredibly useful package.


What's new?

  - built to run on both Mac OS X 10.3 and 10.4

Downloads:

  Binary: http://www.urbanape.com/downloads/ZopeEditManager-0.9.6.zip

  Source: http://www.urbanape.com/downloads/ZopeEditManager-0.9.6- 
src.tgz


Thanks,

Zachery Bir


___
Zope-Announce maillist  -  Zope-Announce@zope.org
http://mail.zope.org/mailman/listinfo/zope-announce

 Zope-Announce for Announcements only - no discussions

(Related lists - 
Users: http://mail.zope.org/mailman/listinfo/zope

Developers: http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope-dev] Re: ZEO, FastCGI and Shibboleth

2005-04-26 Thread Zachery Bir
On 2005-04-25 06:58:17 -0400, John Snowdon 
[EMAIL PROTECTED] said:

Has anyone any thoughts about how to go about shibboleth enabling a
whole host of ZEO instances... without each one having an Apache server
sitting in front of it? Or is there an alternative method out there that
perhaps is not widely known?
We'd contemplated doing more work with PAS and Shibboleth to actually 
get Zope to do the equivalent of mod_shibboleth, but it never went 
anywhere. We stick Zope behind Apache (or some other proxying system - 
Squid, et al.) as a matter of course, so it was a no-brainer to just 
use mod_shibboleth in situ.

We've posted the contents (modulo any specific policy) of our 
Shibboleth implementation for PAS. It amounts to a few Scriptable 
Plugins to handle the specific HTTP headers that get scribbled on a 
Shibboleth session. Here's the message:

 http://mail.zope.org/pipermail/zope-pas/2005-March/000314.html
Zac
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: [Zope-Coders] Unauthorized results in 401, shouldn't it result in 403?

2005-04-20 Thread Zachery Bir
On 2005-04-20 11:20:26 -0400, Chris Withers 
[EMAIL PROTECTED] said:

Sidnei da Silva wrote:
| 3. How does PAS handle failover from one authentication plugin to the next?
/me leaves slot for PAS experts to fill
Each attempt at authenticating a particular set of credentials gets a 
crack, and either stands up for the creds, or returns None.

CookieCrumbler it's this variable is set from the cookie value) and
that may result in a valid user or 'Anonymous User'.
Yeah, but how does CookieCrumbler stop a basic auth box being popped to 
the user when things aren't authorized?
By intercepting the RESPONSE's unauthorized() method. It's pretty 
plainly there in the code. FWIW, this is how PAS insinuates itself into 
the process as well, but to allow for any of the challenge plugins to 
fire this way.

| PS: I suspect the answer to 4 varies depending on the type of auth :-(
I don't think so.
CookieCrumbler vs Everything Else: I think it does...
Well, not in PAS ;^)
Zac
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )