Matt Behrens wrote:
> I've got some rather funky auth requirements where I need to stop Zope 
> from challenging Basic authentication when Unauthorized is raised.
> I seem to be able to do this if I monkey-patch 
> HTTPResponse.unauthorized(), but what I'd really like is to be able to 
> hook into it to make a user folder-overridable challenge with a fallback 
> to the standard unauthorized.  Maybe such a hook would be useful in 2.6 :-)
> So, given that, can I get to the user folder from 
> HTTPResponse.unauthorized()?  Or are there any better ideas?

Check out CookieCrumbler.  It does several things:

- It patches response *instances*; that is, it adds an attribute to 
response instances called "unauthorized" which overrides the method. 
The attribute value is a method bound to a different object.

- It uses the request._hold() mechanism to delete the attribute it added 
to the response, avoiding a memory leak.

It would be useful to provide a better way to hook unauthorized() in 
Zope 2.6, but this way is compatible with Zope 2.4 and 2.5, so I'm not 
motivated enough. ;-)


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to