Hash: SHA1

On 10/11/2010 08:21 PM, Laurence Rowe wrote:
> I'm currently implementing single sign on across Plone sites but have
> run into a bit of an issue with the CookieAuthHelper.
> Unauthorized accesses are redirected to its login_path attribute even
> when a user is already logged in. Plone works around this with a
> require_login script that traverses to insufficient_privileges (rather
> than login_form) when the user is not anonymous.
> http://dev.plone.org/plone/browser/Plone/trunk/Products/CMFPlone/skins/plone_login/require_login.py
> I'd like to avoid having two redirects (one to require_login and then
> one to the remote login page).
> One option (as suggested in require_login.py) would be to have
> CookieAuthHelper traverse rather than redirect to the login_path so
> that sites could override the behaviour, though they would then
> presumably need to duplicate the functionality currently in
> CookieAuthHelper.unauthorized (which I must admit to only barely
> understanding...)
> http://zope3.pov.lt/trac/browser/Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
> Instead, it would seem to make sense to move this functionality login
> / insufficient privileges functionality into the CookieAuthHelp
> itself. I could add an insufficient_privs_path and redirect there
> instead of login_path when a user is already authorized.
> Yet another option would be to let logged in unauthorized to percolate
> up and implement that page with an error view.
> Any opinions? I'm leaning towards adding an insufficient_privs_path as
> it seems simplest and least invasive. (When not set it would just use
> login_path as normal).

zope-dev@zope.org is the wrong mailing list for PAS-related questions:
please keep them on zope-...@zope.org:


- -- 
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to