-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/11/2010 08:21 PM, Laurence Rowe wrote: > I'm currently implementing single sign on across Plone sites but have > run into a bit of an issue with the CookieAuthHelper. > > Unauthorized accesses are redirected to its login_path attribute even > when a user is already logged in. Plone works around this with a > require_login script that traverses to insufficient_privileges (rather > than login_form) when the user is not anonymous. > http://dev.plone.org/plone/browser/Plone/trunk/Products/CMFPlone/skins/plone_login/require_login.py > > I'd like to avoid having two redirects (one to require_login and then > one to the remote login page). > > One option (as suggested in require_login.py) would be to have > CookieAuthHelper traverse rather than redirect to the login_path so > that sites could override the behaviour, though they would then > presumably need to duplicate the functionality currently in > CookieAuthHelper.unauthorized (which I must admit to only barely > understanding...) > http://zope3.pov.lt/trac/browser/Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py > > Instead, it would seem to make sense to move this functionality login > / insufficient privileges functionality into the CookieAuthHelp > itself. I could add an insufficient_privs_path and redirect there > instead of login_path when a user is already authorized. > > Yet another option would be to let logged in unauthorized to percolate > up and implement that page with an error view. > > Any opinions? I'm leaning towards adding an insufficient_privs_path as > it seems simplest and least invasive. (When not set it would just use > login_path as normal).
zope-dev@zope.org is the wrong mailing list for PAS-related questions: please keep them on zope-...@zope.org: https://mail.zope.org/mailman/listinfo/zope-pas Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAky12sIACgkQ+gerLs4ltQ6kMgCeK7BdQ7yQryspLaYlT9O8ljWS ntYAn3qwCRG6V9sW8ihFOLReyIYREkZ5 =C1EF -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
