WebStack

docs/authenticators.html

400:5b276bbcbbb5
2005-07-16 paulb [project @ 2005-07-16 20:32:38 by paulb] Changed virtual path info in sub-resources so that it may be an empty string.
     1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">     2 <html xmlns="http://www.w3.org/1999/xhtml">     3 <head>     4   <title>Application-Wide Authenticators</title>     5   <meta name="generator"     6  content="amaya 8.1a, see http://www.w3.org/Amaya/" />     7   <link href="styles.css" rel="stylesheet" type="text/css" />     8 </head>     9 <body>    10 <h1>Application-Wide Authenticators</h1>    11 <p>Authenticators are special classes which can, in conjunction with    12 mechanisms in the server environment, judge whether a user of an    13 application    14 is recognised or not. The process of using authenticators is as follows:</p>    15 <ol>    16   <li>Set up authentication in the server environment or framework in    17 which the application is to be deployed.</li>    18   <li>Introduce an authenticator class in the application.</li>    19 </ol>    20 <h2>Setting Up Authentication</h2>    21 <p>The exact details of configuring authentication mechanisms in each    22 server    23 environment may vary substantially. For example, Apache environments    24 require    25 that <code>Auth</code> directives be specified in the Apache    26 configuration    27 files (see <code>docs/ModPython/NOTES.txt</code>); in Zope    28 environments,    29 protected folders can be defined to hold the application when deployed    30 (see    31 <code>docs/Zope/NOTES.txt</code>).</p>    32 <h2>Defining an Authenticator</h2>    33 <p>An authenticator must be defined within your application in order to    34 make    35 decisions about users who have presented their credentials; this    36 authenticator will respond with a decision when prompted by the server    37 or    38 underlying framework, either allowing or denying access for the user    39 whose    40 identity has been presented to the server/framework.</p>    41 <p>The code for an authenticator usually looks like this:</p>    42 <pre>class MyAuthenticator:<br /><br />    "This is an authenticator - something which decides whether a user is known to the application."<br /><br />    def authenticate(self, trans):<br />        user = trans.get_user()<br />        [Make a decision about the validity of the user.]<br />        [Return a true value if the user is allowed to access the application.]<br />        [Return a false value if the user is not recognised or allowed to access the application.]<br /><br />    def get_auth_type(self):<br />        "This method returns 'Basic' in most deployments."<br />        return "Basic"<br /><br />    def get_realm(self):<br />        "This method returns something to distinguish this authentication mechanism from others."<br />        return "MyRealm"</pre>    43 <p>In this mechanism, authenticators rely on authentication information    44 from    45 the server environment and have a "global" effect on access to the    46 application.    47 However, it is always possible to test the user identity later on and    48 to    49 change the way an application behaves accordingly - see <a    50  href="users.html">"Users and Authentication"</a> for more information.</p>    51 <h2>Introducing an Authenticator</h2>    52 <p>Authenticator objects are created in the adapter code - see <a    53  href="writing-adapters.html">"Writing Adapters"</a> for more    54 information.</p>    55 <h2>Anonymous Access</h2>    56 <p>With application-wide authenticators, anonymous access to resources    57 and    58 applications can be difficult to permit alongside access by specific    59 users,    60 mostly because servers and frameworks which employ HTTP authentication    61 schemes do so globally for a given application.</p>    62 <h2>Logout Functions</h2>    63 <p>With application-wide authenticators, a logout function may not be    64 available if the server/framework has been configured to use HTTP    65 authentication schemes, mainly because no logout mechanism generally    66 exists    67 for such schemes.</p>    68 </body>    69 </html>