-----BEGIN PGP SIGNED MESSAGE-----
Stephan Richter wrote:
> On Wednesday 25 January 2006 05:40, Christian Theune wrote:
>>I'm quite sure that part b) isn't written yet, but I'm not sure what the
>>state of part a) is.
> (a) is done. It is indeed the default Zope behavior.
Hmm, I thought that Zope3's security machinery set the response code to
403 (forbidden) rather than a 401 (Unauthorized) if the user is already
authenticated. but then tries to do something not allowed. Browsers
(rightfully) don't treat a 403 as a prompt to reauthenticate. The
configureed authentication service *may* override that to raise
Unauthorized, but that is not mandated.
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope3-dev mailing list