Am Freitag, 3. Februar 2006 17:11 schrieb Rupert Redington: > Florian Lindner wrote: > > Am Freitag, 3. Februar 2006 04:07 schrieb Gary Poster: > >> On Feb 2, 2006, at 4:41 PM, Florian Lindner wrote: > >>> Hello, > >>> I'm still desperately trying to figure out the > >>> PluggableAuthentication. > >> > >> Since no one has replied, I'll try my "30-second remediation" > >> technique again. ;-) That means I didn't really follow exactly what > >> you are doing, and I'm just trying for low-hanging fruit to help > >> you. :-) > >> > > :-) > > : > >>> I perform the following steps: > >>> > >>> 1) Create an instance of my folderish, possible site (named A), > >>> content > >>> object. > >>> > >>> 2) I create a site in it. > >>> > >>> 3) I add a PAU in the default software space > >>> > >>> 4) I add a SessionCredentialsPlugin and a PrincipalFolder as plugins. > >>> > >>> 5) I create a internal principal with "Title" = > >>> "zope.Manager" (tried also > >>> other ones). name = abc > >>> > >>> 6) In the SessionCredentialsPlugin I leave to "loginForm.html". I've a > >>> loginForm.html view in my A-object) > >>> > >>> 7) I register all components (SessionCreadentiasPlugin, > >>> PrincipalFolder and > >>> PAU) > >> > >> So that means that http://127.0.0.1:8080/++etc++site/default/test.pau/ > >> @@configure.html (or similar) has one credentials plugin in the right > >> column ("Session Credentials (a utility)") and one authenticator > >> plugin in the right column ("PrincipalFolder (a utility)" or > >> something like that). Right? > >> > >> If not, make it so. :-) > > > > It was already like that, forgot to mention it. > > > >> If that doesn't work, try making the right column of the Credentials > >> Plugins field be "No Challenge if Authenticated (a utility)" first > >> and then "Session Credentials (a utility)" second. That's probably > >> what you want anyway. > > > > Changed it a bit. > > > > I'm not redirected to the loginForm.html but a "Not authorized" page. > > Anything else is the same. I wonder why I'm not authorized, because in > > the authenticateCredentials() function the internal.title returns: > > > > (Pdb) internal.title > > u'zope.Manager' > > > > Which should be authorized for anything. > > > > Hope you can hang the fruits a few centimeter lower... ,-) > > If this fruit is low enough for me I'll be very surprised, and you've > probably done this already, but: > > Does the Principal you've added to your PAU authentication plugin have a > grant on the site/folder you're trying to access?
I've given the principal the title (which is AFAIK the same as role) zope.Manager, which IMO does not need further grants. Another way I've tried: I've created a principal with title CS.User. In my configure.zcml I have: <role id="CS.User" title="centershock.net user" /> <grant permission="CS.View" role="CS.User" /> The ressource I try to access has security declarations: <page name="toHomeFolder" for="*" permission="CS.View" [...] /> Or do I need further grants or anything? Or do I misunderstand the title attribute of the principal. Thanks, Florian _______________________________________________ Zope3-users mailing list Zope3email@example.com http://mail.zope.org/mailman/listinfo/zope3-users