> This is how the HTTP/1.1 specification requires it to be.
> Your browser follows this spec.
I understand the HTTP spec... but ZOPE does not work that way.
I can use methods which require roles above where I logged in. The
methods used for returning the roles themselves do not correlate with ZOPE's
own actions. Therefore ZOPE has an internal inconsistency regarding user
authentication with basic HTTP authorization.
> Apparently, you are using a user folder that uses basic authentication.
> There are user folders around that can (be configured to) use
> Cookie authentication. You can also use CookieCrumber for that.
Yes, I've used one or two - but I'm concerned with remedying the default
ZOPE authentication mechanism, which is broken.
> <dtml-call "REQUEST.set('roles',['Anonymous',])">
> <dtml-if AUTHENTICATED_USER>
> <dtml-call "REQUEST.set('roles',AUTHENTICATED_USER.getRoles())">
> </dtml-if>
Thanks, but your suggestion isn't applicable since the result of
AUTHENTICATED_USER.getRoles() is wrong.
Grant K Rauscher
Zope-Dev maillist - [EMAIL PROTECTED]