I write some code to realize session-cache RDB authentication. RDBPluggableAuthentication is a new PAU, which works well after my testing.
class RDBPluggableAuthentication(PluggableAuthentication): """new session-cache PluggableAuthentication""" def authenticate(self, request): authenticatorPlugins = [p for n, p in self.getAuthenticatorPlugins()] for name, credplugin in self.getCredentialsPlugins(): credentials = credplugin.extractCredentials(request) for authplugin in authenticatorPlugins: if authplugin is None: continue authplugin._v_sessdata = ISession(request)['mn.authcache'] #in order to get sessionData return authplugin.authenticateCredentials(credentials) return None def getPrincipal(self, id): if not id.startswith(self.prefix): next = queryNextUtility(self, IAuthentication) if next is None: raise PrincipalLookupError(id) return next.getPrincipal(id) raise PrincipalLookupError(id) #ok for groups checking, not sure for other invokers class RDBAuthenticator(SQLexec): """select login, pwd, name, role from tuser where login=<dtml-sqlvar login type="string">;""" implements(IAuthenticatorPlugin) def __init__(self, prefix = ''): self.prefix = prefix self._v_sessdata = None def authenticateCredentials(self, credentials): if not (credentials and 'login' in credentials and 'password' in credentials): return login, password = credentials['login'], credentials['password'] prin_cache = self._v_sessdata and self._v_sessdata.get('principal', None) if prin_cache and prin_cache.id[len(self.prefix):] == login and getattr(prin_cache, 'pwd', None) == password: return prin_cache result = self.execute(self.__doc__, login=login) if not result: return usr = result[0] if password != usr.pwd.strip(): return prin = RDBPrincipal(self.prefix + login, usr.name, usr.name) prin.pwd = password prin.groups.extend(usr.role.split(',')) self._v_sessdata['principal'] = prin return prin def principalInfo(self, id): pass #no invoking from getPrincipal class RDBPrincipal(Persistent, Principal): groups = PersistentList() -- View this message in context: http://www.nabble.com/efficiency-of-PAU-authentication-tp16972305p17093684.html Sent from the Zope3 - users mailing list archive at Nabble.com. _______________________________________________ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users