Hi all!

I'm using LoginManager to provide for a non-HTTP authentication. A role
"Member" has access to a folder "Restricted", the
role "Anonymous" doesn't have any rights at all in this folder. All objects
in this folder acquire these security settings.
So far, so good.

The login form from the LoginManager product raises "LoginRequired" and
shows the login screen when necessary. Mysteriously, I don't get to see my
(customized) standard_error_message, but *the* standard error message when I
try to access the folder unauthenticated. Now if I give Anonymous the right
to "View" in the "Restricted" folder (and therefore view all contained
objects - which I naturally don't want to do) and explicitly take that right
away for index_html, any unauthenticated client trying to access the folder
(->index_html) will see *my* standard_error_message (containing the login

What is this all about?
I'm baffled. I want my standard_error_message *everywhere*, *any way*.

tia and cia, (cheers in advance)

P.S.: I've customized LoginManager to get the users from a ZGadfly
connection (at last!). Maybe there's something wrong here? Does Anonymous
need rights to use the database or what?

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to