On Feb 18, 10:46 am, Gustavo Narea <[email protected]> wrote:
> You don't seem to understand what is going on:
> repoze.who is a WSGI middleware for authentication, used by default in TG2
> applications. Because of the way TG2 configures authentication by default, for
> the user to be authenticated, one of the application's controller actions must
> be called. So, when authorization is denied and the user is anonymous,
> repoze.who middleware catches the authorization denial exception and redirects
> the user to the login form... But if you protected the login form too, there's
> no way that the user will be able to log in.
>
> *But*, if you use a different repoze.who challenger, when authorization is
> denied and the user is anonymous, the repoze.who middleware catches the
> authorization denial exception and the middleware *itself* renders the login
> form (or an HTTP authentication prompt) -- without ever reaching the WSGI
> application, so it doesn't matter if it's totally protected.
I need to protect an entire application behind a username/password
prompt.
What middleware do I use?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
