Re: [Zope3-Users] Pluggable authentication, a newbie's question
Stephan Richter пишет:
On Sunday 28 January 2007 11:44, Alexei Ustyuzhaninov wrote:
This code is contained in the file mypackage/__init__.py, mypackage in
turn is loaded via ZCML.
This is bad form. You should have that code in another module.
Both plugins and PAU are registered
successfully and I can access them with queryUtility. But the
authentication is carried through the standard mechanism and
MyAuthenticatorPlugin isn't even called.
There are a couple of things to be said here:
* Pluggable Authentication was not developed to work well globally. I know I
had to tweak it a (tiny) bit to make it work for base registries.
* You should use the pluggable authentication utility from a site. You can do
this via ZCML and baseregistries or adding it to the ZODB. You should look
into configurator on how to do this programmatically.
Packages to check out:
z3c.baseregistry
z3c.configurator
I have looked a bit at the sources and make my own version of the
publication class which (I think) makes the authentication to work as I
want.
Here is my implementation:
overrides.zcml
--
configure xmlns=http://namespaces.zope.org/zope;
xmlns:browser=http://namespaces.zope.org/browser;
publisher
name=BROWSER
factory=mypackage.MyPublication.MyBrowserFactory
methods=GET POST HEAD
mimetypes=*
priority=10
/
/configure
MyAuthentication.py
---
from zope import interface
from zope.component import provideUtility
from zope.app.authentication import interfaces
from zope.app.authentication.interfaces import\
ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo
from zope.app.authentication import PluggableAuthentication
from zope.app.authentication.httpplugins import
HTTPBasicAuthCredentialsPlugin
class PrincipalInfo(object):
interface.implements(interfaces.IPrincipalInfo)
def __init__(self, id, title, description):
self.id = id
self.title = title
self.description = description
class CascadeAuthenticatorPlugin(object):
interface.implements(interfaces.IAuthenticatorPlugin)
def authenticateCredentials(self, credentials):
if credentials is None:
return None
params = my_authentication(credentials)
if params is None
return None
else:
return PrincipalInfo(*params)
provideUtility(HTTPBasicAuthCredentialsPlugin(), ICredentialsPlugin,\
name='My Credentials Plugin')
provideUtility(CascadeAuthenticatorPlugin(), IAuthenticatorPlugin,
name='My Authenticator Plugin')
pau=PluggableAuthentication('')
pau.credentialsPlugins=('My Credentials Plugin',)
pau.authenticatorPlugins=('My Authenticator Plugin',)
MyPublication.py
import transaction
from zope.app.publication.browser import BrowserPublication
from zope.app.publication.requestpublicationfactories import\
BrowserFactory
from zope.app.security.principalregistry import\
principalRegistry as prin_reg
from zope.security.management import newInteraction
from Authentication import pau
class MyPublication(BrowserPublication):
def beforeTraversal(self, request):
#p = prin_reg.authenticate(request)
p = pau.authenticate(request)
if p is None:
p = prin_reg.unauthenticatedPrincipal()
if p is None:
raise Unauthorized # If there's no default principal
request.setPrincipal(p)
newInteraction(request)
transaction.begin()
def _maybePlacefullyAuthenticate(self, request, ob):
class MyBrowserFactory(BrowserFactory):
def __call__(self):
request_class, orig_publ=super(CascadeBrowserFactory,
self).__call__()
return request_class, MyPublication
I'm new to zope3, so could you estimate how well this approach
corresponds to the zope architecture.
--
Alexei
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Pluggable authentication, a newbie's question
David Johnson пишет: On Jan 29, 2007, at 5:30 PM, Alexei Ustyuzhaninov wrote: David Johnson пишет: What do you mean by Your authenticator is registered as a Plugin in a PAU in your current site? I registered the authenticator as a utility and assigned the utility name to the authenticatorPlugins attribute of the PAU. Is it enough? I'm not sure I follow you here. Normally when you create a custom authenticator you first go into Manage Site add a Pluggable Auth Utility (PAU). Then from within the PAU there are plugins. You can add your custom plugin here. Then you select a credentials plugin and your authenticator plugin. I'm not an expert by any means on PAU, but it seems this is the preferred approach. The authenticators I've written implemented the following: implements(AuthenticatorPlugin,IQueriableAuthenticator,IQuerySchemaSearch) Aha, seems that I see where is my problem. I didn't manage site through ZMI. Is it possible to do this manipulation programmatically? That I don't know. Probably. Why you would want to is another question. Well, I'm going to be able to deploy the package without using ZMI. That's why I'm seeking for a programmatic solution. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Pluggable authentication, a newbie's question
On Monday 29 January 2007 11:30, Alexei Ustyuzhaninov wrote: Aha, seems that I see where is my problem. I didn't manage site through ZMI. Is it possible to do this manipulation programmatically? Yes, we do it only this way. The site management API is very easy. See IComponents. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Pluggable authentication, a newbie's question
On Monday 29 January 2007 16:06, David Johnson wrote: Aha, seems that I see where is my problem. I didn't manage site through ZMI. Is it possible to do this manipulation programmatically? That I don't know. Probably. Why you would want to is another question. There is a lot of motivation for doing it this way. Alexei stated one in his response. During development you also want to throw databases away frequently. To set up everything in the ZODB by hand again is just totally lame. A lemma to this is that we always generate sample data for our applications (via z3c.sampledata or now z3c.configurator) so that we can test the application better. We use the sample data for manual and automated testing. It would be unpractical to do it by hand then. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Pluggable authentication, a newbie's question
I'll try. Your authenticator is registered as a Plugin in a PAU in
your current site? I'm not sure the cause without more details, but
when I see this happen I've usually neglected one of the following:
1. The credentials plugin is not selected and added.
2. The authenticator plugin is not selected and added.
3. No permissions have been granted to the user, so even though the
user is valid, they don't have permissions to do anything and so
another authentication is being called as a backup. This is easy
enough to debug by putting print statements at strategic points in
your plugin and see if and when they show up in the Zope log.
The PAU stuff has changed a lot over the history of Zope 3, so I've
also found it to happen when using outdated methods such as the ones
in Phillips first edition (which have since been updated to reflect
the latest methods - thanks Phillip).
--
David
On Jan 28, 2007, at 5:44 PM, Alexei Ustyuzhaninov wrote:
Hello,
I try to create a plugin, which could authenticate users against an
external database. Here is the code:
from zope.component import provideUtility
from zope.app.authentication import PluggableAuthentication
from zope.app.authentication.interfaces import\
ICredentialsPlugin, IAuthenticatorPlugin
from zope.app.authentication.session import SessionCredentialsPlugin
from zope.app.security.interfaces import IAuthentication
from mypackage.Authentication import MyAuthenticatorPlugin
provideUtility(SessionCredentialsPlugin(), ICredentialsPlugin,\
'My Credentials Plugin')
provideUtility(MyAuthenticatorPlugin(), IAuthenticatorPlugin,
'My Authenticator Plugin')
pau=PluggableAuthentication('my_')
pau.credentialsPlugins=('Cascade Credentials Plugin', )
pau.authenticatorPlugins=('Cascade Authenticator Plugin', )
provideUtility(pau, IAuthentication, 'My Pluggable-Authentication
Utility'
This code is contained in the file mypackage/__init__.py, mypackage in
turn is loaded via ZCML. Both plugins and PAU are registered
successfully and I can access them with queryUtility. But the
authentication is carried through the standard mechanism and
MyAuthenticatorPlugin isn't even called.
Could any good soul help me with this case?
--
Thanks,
Alexei
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Pluggable authentication, a newbie's question
Hi, David!
Thank you for the help.
David Johnson пишет:
I'll try. Your authenticator is registered as a Plugin in a PAU in your
current site? I'm not sure the cause without more details, but when I
see this happen I've usually neglected one of the following:
What do you mean by Your authenticator is registered as a Plugin in a
PAU in your current site? I registered the authenticator as a utility
and assigned the utility name to the authenticatorPlugins attribute of
the PAU. Is it enough?
1. The credentials plugin is not selected and added.
2. The authenticator plugin is not selected and added.
I think the plugins were selected and added as well as the PAU. I could
access them with the queryUtility method later.
3. No permissions have been granted to the user, so even though the user
is valid, they don't have permissions to do anything and so another
authentication is being called as a backup. This is easy enough to
debug by putting print statements at strategic points in your plugin and
see if and when they show up in the Zope log.
Yes, I do debugging the same way. And the print statement at the first
line of the authenticator printed nothing. So I think the authenticator
wasn't called at all.
The PAU stuff has changed a lot over the history of Zope 3, so I've also
found it to happen when using outdated methods such as the ones in
Phillips first edition (which have since been updated to reflect the
latest methods - thanks Phillip).
--
David
On Jan 28, 2007, at 5:44 PM, Alexei Ustyuzhaninov wrote:
Hello,
I try to create a plugin, which could authenticate users against an
external database. Here is the code:
from zope.component import provideUtility
from zope.app.authentication import PluggableAuthentication
from zope.app.authentication.interfaces import\
ICredentialsPlugin, IAuthenticatorPlugin
from zope.app.authentication.session import SessionCredentialsPlugin
from zope.app.security.interfaces import IAuthentication
from mypackage.Authentication import MyAuthenticatorPlugin
provideUtility(SessionCredentialsPlugin(), ICredentialsPlugin,\
'My Credentials Plugin')
provideUtility(MyAuthenticatorPlugin(), IAuthenticatorPlugin,
'My Authenticator Plugin')
pau=PluggableAuthentication('my_')
pau.credentialsPlugins=('Cascade Credentials Plugin', )
pau.authenticatorPlugins=('Cascade Authenticator Plugin', )
provideUtility(pau, IAuthentication, 'My Pluggable-Authentication
Utility'
This code is contained in the file mypackage/__init__.py, mypackage in
turn is loaded via ZCML. Both plugins and PAU are registered
successfully and I can access them with queryUtility. But the
authentication is carried through the standard mechanism and
MyAuthenticatorPlugin isn't even called.
Could any good soul help me with this case?
--Thanks,
Alexei
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Pluggable authentication, a newbie's question
On Jan 29, 2007, at 5:30 PM, Alexei Ustyuzhaninov wrote: David Johnson пишет: What do you mean by Your authenticator is registered as a Plugin in a PAU in your current site? I registered the authenticator as a utility and assigned the utility name to the authenticatorPlugins attribute of the PAU. Is it enough? I'm not sure I follow you here. Normally when you create a custom authenticator you first go into Manage Site add a Pluggable Auth Utility (PAU). Then from within the PAU there are plugins. You can add your custom plugin here. Then you select a credentials plugin and your authenticator plugin. I'm not an expert by any means on PAU, but it seems this is the preferred approach. The authenticators I've written implemented the following: implements (AuthenticatorPlugin,IQueriableAuthenticator,IQuerySchemaSearch) Aha, seems that I see where is my problem. I didn't manage site through ZMI. Is it possible to do this manipulation programmatically? That I don't know. Probably. Why you would want to is another question. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Pluggable authentication, a newbie's question
Hello,
I try to create a plugin, which could authenticate users against an
external database. Here is the code:
from zope.component import provideUtility
from zope.app.authentication import PluggableAuthentication
from zope.app.authentication.interfaces import\
ICredentialsPlugin, IAuthenticatorPlugin
from zope.app.authentication.session import SessionCredentialsPlugin
from zope.app.security.interfaces import IAuthentication
from mypackage.Authentication import MyAuthenticatorPlugin
provideUtility(SessionCredentialsPlugin(), ICredentialsPlugin,\
'My Credentials Plugin')
provideUtility(MyAuthenticatorPlugin(), IAuthenticatorPlugin,
'My Authenticator Plugin')
pau=PluggableAuthentication('my_')
pau.credentialsPlugins=('Cascade Credentials Plugin', )
pau.authenticatorPlugins=('Cascade Authenticator Plugin', )
provideUtility(pau, IAuthentication, 'My Pluggable-Authentication Utility'
This code is contained in the file mypackage/__init__.py, mypackage in
turn is loaded via ZCML. Both plugins and PAU are registered
successfully and I can access them with queryUtility. But the
authentication is carried through the standard mechanism and
MyAuthenticatorPlugin isn't even called.
Could any good soul help me with this case?
--
Thanks,
Alexei
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
