Re: [Zope3-Users] NTLM credential plugin
On 9/13/06, Simon Hang [EMAIL PROTECTED] wrote: I'm thinging to write a NTLM credential plugin for zope3. But as I know, ntlm use 4-way handshake procedure, that means it needs two round-trips between server(zope3) and client(browser). Have you looked at Zope Corp's zc.winauth package? http://svn.zope.org/zc.winauth/trunk/src/zc/winauth/ -- Martijn Pieters ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: NTLM credential plugin
Martijn Pieters wrote: On 9/13/06, Simon Hang [EMAIL PROTECTED] wrote: I'm thinging to write a NTLM credential plugin for zope3. But as I know, ntlm use 4-way handshake procedure, that means it needs two round-trips between server(zope3) and client(browser). Have you looked at Zope Corp's zc.winauth package? http://svn.zope.org/zc.winauth/trunk/src/zc/winauth/ That's an authenticator plug-in to talk to the Windows directory service, so that users can log into Zope using their Windows logins. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Re: NTLM credential plugin
On 9/13/06, Philipp von Weitershausen [EMAIL PROTECTED] wrote: That's an authenticator plug-in to talk to the Windows directory service, so that users can log into Zope using their Windows logins. Which tells you how much *I* looked at it. ;) The original thread announcing zc.winauth mentioned NTLM somewhere (as in 'Firefox does NTLM too'), hence my misunderstanding. Mea Culpa! -- Martijn Pieters ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: NTLM credential plugin
Simon Hang wrote: Hi, I'm thinging to write a NTLM credential plugin for zope3. But as I know, ntlm use 4-way handshake procedure, that means it needs two round-trips between server(zope3) and client(browser). When I look in the credential plugins, it has challenge mothed. But seems it is only design for 1 round-trip protocol. It can issue one challenge, and return to parent script. I don't see how the PAU only allows one round-trip. The PAU will use the credentials-plugin to challenge the user when an Unauthorized exception occurs. 1. The first time your challenge method is called, you set the WWW-Authenticate: NTLM header (like the HTTP Basic Auth plug-in sets the WWW-Authenticate: Basic header). 2. Then the client sends the type 1 message which you extract in extractCredentials and raise Unauthorized *again*. 3. THat means your challenge method is called *again*. That time you'll se tthe WWW-Authenticate header with the type 2 message. 4. Then the client sends the type 3 message back which you'll extract in extractCredentials. Philipp ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] views based on request method (GET, POST, etc.)
Stephan Richter wrote: On Tuesday 12 September 2006 07:38, Jan-Wijbrand Kolman wrote: But I have the feeling this can be done more elegantly. I did notice something in this direction in zope/app/dav/configure.zcml, but I'm not sure this actually helps. It could be I overlook something very very obvious... you have two choices: 1. Implement HTTP verbs as methods. See the resources implementation. zope.app.publisher.browser 2. Register some view having the method name as the view name. See SchoolTool's REST implementation, for example, schooltool.person.rest. Hi Stephan! The first option would work just fine for me indeed. Out of curiosity though, I wonder about the second option: I *think* to understand that for this option to work, z.a.publication.http.HTTPublication must be used for handling requests (instead of z.a.publication.browser.BrowserRequest), right? And what publication implementation is used when, is in principle configured in zope/app/publication/configure.zcml, right? But then I loose track of how things are tied together... How can I make sure this HTTPublication is used for one or more of the content types in my application? Maybe (probably) Schooltool does things different in this regard than 'stock' Zope-3? But its quite possible that I'm asking stupid questions now, because I'm not sure I can see the forest through the trees anymore ;) Anyway, thanks for your help! regards, jw -- Jan-Wijbrand Kolman software ontwikkelaar, Instituut voor Nederlands Geschiedenis [EMAIL PROTECTED] ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: views based on request method (GET, POST, etc.)
Jan-Wijbrand Kolman wrote: Stephan Richter wrote: On Tuesday 12 September 2006 07:38, Jan-Wijbrand Kolman wrote: But I have the feeling this can be done more elegantly. I did notice something in this direction in zope/app/dav/configure.zcml, but I'm not sure this actually helps. It could be I overlook something very very obvious... you have two choices: 1. Implement HTTP verbs as methods. See the resources implementation. zope.app.publisher.browser 2. Register some view having the method name as the view name. See SchoolTool's REST implementation, for example, schooltool.person.rest. Hi Stephan! The first option would work just fine for me indeed. Out of curiosity though, I wonder about the second option: I *think* to understand that for this option to work, z.a.publication.http.HTTPublication must be used for handling requests (instead of z.a.publication.browser.BrowserRequest), right? At least you'd want your publication to look up views like the HTTPPublication, yes. You probably want to implement your own publication that works on browser requests but immitates the HTTPPublication behaviour (though probably only in some cases, I assume). Custom publication/request factories can be registered with the 'publisher' ZCML directive: publisher name=HTTP factory=mycorp.mypkg.MyHTTPFactory methods=GET POST mimetypes=* priority=1000 / Factories with higher priorities will be called first. They can decide whether they want to handle a request based on the (CGI) environment of the request. If they decide not to handle, the next factory takes over. The fallback is the browser factory, then the HTTP factory. See z.a.publication/configure.zcml. HTH Philipp ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Re: NTLM credential plugin
On Sep 13, 2006, at 2:30 AM, Philipp von Weitershausen wrote: Simon Hang wrote: Hi, I'm thinging to write a NTLM credential plugin for zope3. But as I know, ntlm use 4-way handshake procedure, that means it needs two round-trips between server(zope3) and client(browser). When I look in the credential plugins, it has challenge mothed. But seems it is only design for 1 round-trip protocol. It can issue one challenge, and return to parent script. I don't see how the PAU only allows one round-trip. AIUI (I just looked up NTLM last night out of curiosity: see http:// www.innovation.ch/personal/ronald/ntlm.html), the problem is that the 4 way handshake has to happen *within a single connection*. Apparently MS abuses HTTP to perform this. Implementing it in pluggable auth made me scratch my head a bit, so I didn't reply. You would need to slurp the request, then push back to the response, then slurp the same request again, then push back to the response, then slurp one more time, and finally reply with the real request. Describing the problem to Benji, he mentioned WSGI--that does seem like the only way I can imagine this working, and that would be tricky enough, especially if you needed to reach into Zope for the managed credentials. Once the WSGI plugin did its magic, it would need to put something in the WSGI request that a pluggable auth plugin was willing to accept as authentication. On the bright side, if you did this with WSGI you might be able to offer this as a generic Python WSGI NTLM tool that required only minimal integration with the back end app server. I'm glad I'm not tasked with this. :-D It sounds interesting, though. Also, maybe I misunderstand: read the link if you want to come up with your own interpretation. Gary ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Re: NTLM credential plugin
Gary Poster wrote: On Sep 13, 2006, at 2:30 AM, Philipp von Weitershausen wrote: Simon Hang wrote: Hi, I'm thinging to write a NTLM credential plugin for zope3. But as I know, ntlm use 4-way handshake procedure, that means it needs two round-trips between server(zope3) and client(browser). When I look in the credential plugins, it has challenge mothed. But seems it is only design for 1 round-trip protocol. It can issue one challenge, and return to parent script. I don't see how the PAU only allows one round-trip. AIUI (I just looked up NTLM last night out of curiosity: see http://www.innovation.ch/personal/ronald/ntlm.html), the problem is that the 4 way handshake has to happen *within a single connection*. Ack. Ok, I didn't know that. Frankly, I personally don't care much about NTLM anyways... Apparently MS abuses HTTP to perform this. Implementing it in pluggable auth made me scratch my head a bit, so I didn't reply. You would need to slurp the request, then push back to the response, then slurp the same request again, then push back to the response, then slurp one more time, and finally reply with the real request. Describing the problem to Benji, he mentioned WSGI--that does seem like the only way I can imagine this working, and that would be tricky enough, especially if you needed to reach into Zope for the managed credentials. Once the WSGI plugin did its magic, it would need to put something in the WSGI request that a pluggable auth plugin was willing to accept as authentication. On the bright side, if you did this with WSGI you might be able to offer this as a generic Python WSGI NTLM tool that required only minimal integration with the back end app server. Yes, WSGI definitely sounds like a good place to put this then. Perhaps the WSGI middleware could fake a client that uses a more standard authentication system (e.g. Basic Auth) to the WSGI application, that way it'd be transparent to the WSGI application. Not sure if that's possible with NTLM, though. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Re: NTLM credential plugin
The right thing to do here is probably to just use something like http://modntlm.sourceforge.net/ and trust the REMOTE_USER environment variable passed by Apache... let somebody else worry about maintaining it. ;-) One strategy for doing this is described at http://plone.org/documentation/how-to/singlesignonwindowsdomains/ #step1 . On Sep 13, 2006, at 9:37 AM, Philipp von Weitershausen wrote: Gary Poster wrote: On Sep 13, 2006, at 2:30 AM, Philipp von Weitershausen wrote: Simon Hang wrote: Hi, I'm thinging to write a NTLM credential plugin for zope3. But as I know, ntlm use 4-way handshake procedure, that means it needs two round-trips between server(zope3) and client(browser). When I look in the credential plugins, it has challenge mothed. But seems it is only design for 1 round-trip protocol. It can issue one challenge, and return to parent script. I don't see how the PAU only allows one round-trip. AIUI (I just looked up NTLM last night out of curiosity: see http://www.innovation.ch/personal/ronald/ntlm.html), the problem is that the 4 way handshake has to happen *within a single connection*. Ack. Ok, I didn't know that. Frankly, I personally don't care much about NTLM anyways... Apparently MS abuses HTTP to perform this. Implementing it in pluggable auth made me scratch my head a bit, so I didn't reply. You would need to slurp the request, then push back to the response, then slurp the same request again, then push back to the response, then slurp one more time, and finally reply with the real request. Describing the problem to Benji, he mentioned WSGI-- that does seem like the only way I can imagine this working, and that would be tricky enough, especially if you needed to reach into Zope for the managed credentials. Once the WSGI plugin did its magic, it would need to put something in the WSGI request that a pluggable auth plugin was willing to accept as authentication. On the bright side, if you did this with WSGI you might be able to offer this as a generic Python WSGI NTLM tool that required only minimal integration with the back end app server. Yes, WSGI definitely sounds like a good place to put this then. Perhaps the WSGI middleware could fake a client that uses a more standard authentication system (e.g. Basic Auth) to the WSGI application, that way it'd be transparent to the WSGI application. Not sure if that's possible with NTLM, though. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Re: NTLM credential plugin
On Sep 13, 2006, at 11:47 AM, Chris McDonough wrote: The right thing to do here is probably to just use something like http://modntlm.sourceforge.net/ and trust the REMOTE_USER environment variable passed by Apache... let somebody else worry about maintaining it. ;-) One strategy for doing this is described at http://plone.org/documentation/how-to/singlesignonwindowsdomains/ #step1 . +1! Good to file away. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] runzope gives error in zope.conf
Cant find the cause of this via Google, I hope someone here can help me get Zope running. The error is: C:\Zope3Instance\binrunzope Error: 'formatter' is not a known key name (line 103 in file:/C|/Zope3Instance/etc/zope.conf) For help, use C:\Zope3Instance\bin\runzope h The referenced line in zope.conf is: formatter zope.exceptions.log.Formatter Im running Windows XP and have installed Zope-3.2.1.win32-py2.4. Heres what Ive done to get to this point: C:\Python24\Scriptsmkzopeinstance -d \Zope3Instance -u manager:p Please select a password manager which will be used for encode the password of the initial administrator account. 1. Plain Text 2. MD5 3. SHA1 Password Manager Number [1]: 'Plain Text' password manager selected C:\Python24\Scriptscd \Zope3Instance C:\Zope3Instancecd bin C:\Zope3Instance\binrunzope Error: 'formatter' is not a known key name (line 103 in file:/C|/Zope3Instance/etc/zope.conf) For help, use C:\Zope3Instance\bin\runzope h Any ideas? Thanks, Dave ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] viewlets for specific interfaces
hello, I'm trying to get started with viewlets, but am still having some problems: For example, I have a LeftColumn viewletmanager, where I want to display different infos (viewlets) depending on the object that's being displayed (one viewlet for folders, one for normal files, one for images, etc) the following example works either for all interfaces or for none, and I'm trying to figure out how to render a particular viewlet only for a particular interface... any pointers in the right direction? thanx a lot! Luis test/__init__.py from zope import component from zope import interface from zope import viewlet class ILeftColumn(viewlet.interfaces.IViewletManager): Viewlet manager for the left column class HelloMessage(object): interface.implements(viewlet.interfaces.IViewlet) def __init__(self,context,request,view,manager): self.__parent__ = view self.context, self.request = context,request def update(self): pass def render(self): return u'divHello!/div' test/configure.zcml configure xmlns=http://namespaces.zope.org/zope; xmlns:browser=http://namespaces.zope.org/browser; browser:page for=* name=viewlet.html template=index.pt permission=zope.View/ browser:viewletManager name=vm permission=zope.Public provides=.ILeftColumn template=vm.pt/ !-- ### for=* shows hello for any object for=zope.app.file.interfaces.IFile does not work for any object, IFiles included. why ??? ## -- browser:viewlet name=hello for=zope.app.file.interfaces.IFile manager=.ILeftColumn class=.HelloMessage permission=zope.Public/ /configure ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Alternatives to macros
I'm investigating alternatives to macros, the following appears to work, but does anyone see anything particularly wrong or limiting with this implementation? Thanks, Kevin Smith app.py class PageView(BrowserView): content = pagetemplate.ViewPageTemplateFile('page.pt') def __call__(self): view = zope.component.getMultiAdapter( (self.context, self.request), name=masterpage.html) view.content = self.content return view() class NavbarContentProvider: implements(IContentProvider) adapts(Interface, IDefaultBrowserLayer, Interface) def __init__(self, context, request, view): self.context = context self.request = request self.__parent__ = view def update(self): pass def render(self): return 'a href=/Home/a' configure.zcml browser:page name=masterpage.html for=* template=masterpage.pt permission=zope.Public / browser:page for=* name=mppage1.html class=.app.PageView permission=zope.View / adapter factory=.app.NavbarContentProvider name=navbar.ContentProvider / masterpage.pt html headtitlemaster.pt/title/head body div class=hdh2master.pt/h2/div div class=bd div lass=nav span tal:replace=structure provider:navbar.ContentProvider / /div div class=content div tal:replace=structure view/content / /div div class=ftmaster.pt footer/h2 /body /html page.pt h2page.pt/h2 div tal:replace=structure view/content / ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] help ! Zope 3.2.1 won't start any longer !
Microsoft Windows XP [Versione 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\adrianod: D:\ZopeIstanza\bin\runzope Error: 'formatter' is not a known key name (line 103 in file:/D|/ZopeIstanza/etc/zope.conf) For help, use D:\ZopeIstanza\bin\runzope -h D:\ well, I admit I tweaked the python installation. PyReadline was not installed so IPython didn't sport autocompletion ! probably I reinstalled something without removing it first ! But I an't remeber what ! Then I removed evrything and reinstalled ALL 1) python 2) python extensions http://starship.python.net/crew/mhammond 3) ctypes http://starship.python.net/crew/theller/ctypes 4) pyreadline http://projects.scipy.org/ipython/ipython/wiki/PyReadline/Intro 5) Zope I also tried to remove all and reinstall JUST python and Zope Same result ! Please help me ! What can I do ? Please don't suggest me to format the disk, reinstall windows and then Pyhton, Zope, etc ! Thanks so much ! Bye Catonano ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] help ! Zope 3.2.1 won't start any longer !
catonano wrote: Microsoft Windows XP [Versione 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\adrianod: D:\ZopeIstanza\bin\runzope Error: 'formatter' is not a known key name (line 103 in file:/D|/ZopeIstanza/etc/zope.conf) For help, use D:\ZopeIstanza\bin\runzope -h Try commenting out the problem line(s) in your zope.conf, e.g. logfile path $LOGDIR/z3.log # formatter zope.exceptions.log.Formatter /logfile logfile path STDOUT # formatter zope.exceptions.log.Formatter /logfile In my zope 3.2 instance, the zope.conf file doesn't contain the formatter params. (but my 3.3 version does). ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] help ! Zope 3.2.1 won't start any longer !
Tom, At 00.57 14/09/2006, Tom Dossis wrote: catonano wrote: Microsoft Windows XP [Versione 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\adrianod: D:\ZopeIstanza\bin\runzope Error: 'formatter' is not a known key name (line 103 in file:/D|/ZopeIstanza/etc/zope.conf) For help, use D:\ZopeIstanza\bin\runzope -h Try commenting out the problem line(s) in your zope.conf, e.g. logfile path $LOGDIR/z3.log # formatter zope.exceptions.log.Formatter /logfile logfile path STDOUT # formatter zope.exceptions.log.Formatter /logfile In my zope 3.2 instance, the zope.conf file doesn't contain the formatter params. (but my 3.3 version does). Wow ! Thanks, it works ! I was really scared ! Where do those lines come from ? I don't understand ! I just used the 3.2.1 installer ! Bah ! Thanks anyhow ! Bye Catonano ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users