-----BEGIN PGP SIGNED MESSAGE-----
On 10/11/2010 08:21 PM, Laurence Rowe wrote:
> I'm currently implementing single sign on across Plone sites but have
> run into a bit of an issue with the CookieAuthHelper.
> Unauthorized accesses are redirected to its login_path attribute even
> when a user is already logged in. Plone works around this with a
> require_login script that traverses to insufficient_privileges (rather
> than login_form) when the user is not anonymous.
> I'd like to avoid having two redirects (one to require_login and then
> one to the remote login page).
> One option (as suggested in require_login.py) would be to have
> CookieAuthHelper traverse rather than redirect to the login_path so
> that sites could override the behaviour, though they would then
> presumably need to duplicate the functionality currently in
> CookieAuthHelper.unauthorized (which I must admit to only barely
> Instead, it would seem to make sense to move this functionality login
> / insufficient privileges functionality into the CookieAuthHelp
> itself. I could add an insufficient_privs_path and redirect there
> instead of login_path when a user is already authorized.
> Yet another option would be to let logged in unauthorized to percolate
> up and implement that page with an error view.
> Any opinions? I'm leaning towards adding an insufficient_privs_path as
> it seems simplest and least invasive. (When not set it would just use
> login_path as normal).
email@example.com is the wrong mailing list for PAS-related questions:
please keep them on zope-...@zope.org:
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -