Title: Authentication question

Hi All.  Hope this hasn't been answered elsewhere, but I've looked through zope3-users and zope3-dev email and chat logs, and can't find an answer.

After working through philiKON's web component development book, I decided to move to zope3.1 (mostly because I wanted to snag the homefolder code, which of course he also wrote).  In the process of doing this, I decided to subclass and override some of IPrincipalFolder.  I create a folder, turn it into a site, add a pluggableAuthentication utility (non-named), and create my new principal folder implementation.  I can create new principals of my own type in these folders... (I wanted to use role manager to add some roles at creation time, rather than explicitly granting them at different locations through the ZMI).  That part seems to be working.


I can't actually log in with my new user's credentials.  If I connect to specific resources over xmlrpc using my new set of credentials, it works, I can connect to and modify objects with my new principal.  But logging in over the web fails.  I'm using cookieauth, almost line for line from the web component development book, and it does, if I dump a bunch of debug statements in, prove to be working as the ILoginPassword interface that's getting the info when I post up my username/password (as zope_user, zope_pass). 

After some digging, I noticed that in zope.app.security.principalregistry where it's implementing IAuthentication.authenticate it checks for __principalsByLogin[login].  That dictionary only ever, for me, contains my administrative user (when I throw in some print statements to verify).  Since it's called by zope.app.publication in beforeTraversal, that makes sense that it's only checking local registry, but I don't know how to push it along to check the next IAuthentication implementation available.

I may, also, be going about this the wrong way.  Any thoughts?

Pete Taylor
THIG Systems
(desk) 352.333.1722
(cell) 352.359.0073

CONFIDENTIAL NOTICE: This email including any attachments, contains
confidential information belonging to the sender. It may also be
privileged or otherwise protected by work product immunity or other
legal rules. This information is intended only for the use of the
individual or entity named above.  If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or the taking of any action in reliance on the contents
of this emailed information is strictly prohibited.  If you have
received this email in error, please immediately notify us by
reply email of the error and then delete this email immediately.

Zope3-users mailing list

Reply via email to