On 11/22/2011 11:13 AM, Sylvain Viollon wrote:
> Op 17 nov 2011, om 20:57 heeft Tres Seaver het volgende geschreven:
>> Note that there is a counter-trend here among the Pyramid crew: many
>> developers *want* tight integration of authentication, particularly the
>> login forms.
I'm not sure I fully agree with that observation. I think the trend is
that trying to do the UI part of authentication in middleware turned out
to be a mistake and people are moving away from that. But everything
else does not need tighter integration.
> And there is a major issue with this is that for the moment your
> authentication depends from where you are in your Zope 2 application. Maybe
> in some part of the application the authentication will be done using LDAP,
> and not in some other: you can have a acl_users only for some part of the
> application, and users there are available locally and not globally. That is
> because the authentication is done after the traversing. If you want to do
> this in a WSGI middleware, you will have to do the traversing in a WSGI
> middleware before, otherwise lot of people won't be able to migrate theirs
> applications to Zope 4, because the paradigm changed.
Realistically though: how often is that used? Is that enough to warrant
the extra complexity?
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -