Hermann Himmelbauer wrote:
> Hi,
> After thoroughly studying Philipp's book and the PAU-doctests, I
> unfortunately
> still have no clue how to do my authentication. My (simple) scenario is the
> following:
>
> - I wrote a Zope package that can be added as a site
> - I have one Zope instance with several of these sites
> - Users should authenticate site-specific, e.g. users that authenticated for
> site A should not automatically be authenticated for site B and never for the
> Zope root
> - I want to use Session Credentials
> - I wrote an authenticator plug-in for an existing relational database that
> looks like this:
>
> class PasswdAuthenticator(Persistent):
> implements(IPasswd, IAuthenticatorPlugin, ILocation)
> __parent__ = __name__ = None
>
> def authenticateCredentials(self, credentials):
> if not (credentials and 'login' in credentials and
> 'password' in credentials):
> return
> login, password = credentials['login'], credentials['password']
> if relation_db_check(login,passwd):
> return PrincipalInfo()
>
> Now I have to glue all this together, but how?
>
> Do I need a local, site specific PAU? If yes, how do I create/store one
> without the ZMI? I want that to automatically be done during site creation,
> e.g. via a subscriber (I have already one that builds the basic site
> structure). Probably a PAU is created like this:
>
> pau = zope.app.authentication.PluggableAuthentication('myprefix_')
>
> But - how do I add this to my site manager then? Have the prefixes to be
> different for every PAU that are located in the different sites?
>
> How do I enable Session Credentials, or are they already enabled?
>
> And - how do I tell the PAU to use my authentication utility, perhaps I have
> to create one and somehow place it into the PAU, as it's a container? Or
> should I register it as a local utility? Or as a global utility? In case of a
> utility, the Authenticator Plugin probably does not have to inherit from
> persistent.Persistent?
>
> Moreover Philipp's book states that available plug-ins need to be configured
> but I don't know to do this without the ZMI?
>
> Best Regards,
> Hermann
>
Hi Hermann,
I do it roughly like this - but, in my experience there's usually a
better way of doing things than whatever way I choose :-)
It answers some of your questions...
from zope.app.authentication.authentication import PluggableAuthentication
from zope.app.security.interfaces import IAuthentication
from zope.app.authentication.principalfolder import PrincipalFolder
from zope.app.authentication.interfaces import IAuthenticatorPlugin
# My event subscriber will be passed a reference to the site object
# from which we can get the sitemanager
sitemanager = event.object.getSiteManager()
pau = PluggableAuthentication()
sitemanager['PAU'] = pau
sitemanager.registerUtility(pau, IAuthentication)
# Tell the PAU which sort of credentials we want to use
pau.credentialsPlugins = (u'Session Credentials')
# make whatever authenticatorPlugin we want
users = PrincipalFolder()
users.prefix = u'users.'
pau[u'users'] = users
# get the current list of authenticator plugins, add users and reset
aplugins = list(pau.authenticatorPlugins)
aplugins.append(u'users')
pau.authenticatorPlugins = aplugins
Cheers,
Rupert
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
