1 <?xml version="1.0" encoding="iso-8859-1"?> 2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 <html xmlns="http://www.w3.org/1999/xhtml"> 4 <head> 5 <title>Application-Wide Authenticators</title> 6 <link href="styles.css" rel="stylesheet" type="text/css" /> 7 </head> 8 <body> 9 <h1>Application-Wide Authenticators</h1> 10 <p>Authenticators are special classes which can, in conjunction with 11 mechanisms in the server environment, judge whether a user of an 12 application 13 is recognised or not. The process of using authenticators is as follows:</p> 14 <ol> 15 <li>Set up authentication in the server environment or framework in 16 which the application is to be deployed.</li> 17 <li>Introduce an authenticator class in the application.</li> 18 </ol> 19 <h2>Setting Up Authentication</h2> 20 <p>The exact details of configuring authentication mechanisms in each 21 server 22 environment may vary substantially. For example, Apache environments 23 require 24 that <code>Auth</code> directives be specified in the Apache 25 configuration 26 files (see <code>docs/ModPython/NOTES.txt</code>); in Zope 27 environments, 28 protected folders can be defined to hold the application when deployed 29 (see 30 <code>docs/Zope/NOTES.txt</code>).</p> 31 <h2>Defining an Authenticator</h2> 32 <p>An authenticator must be defined within your application in order to 33 make 34 decisions about users who have presented their credentials; this 35 authenticator will respond with a decision when prompted by the server 36 or 37 underlying framework, either allowing or denying access for the user 38 whose 39 identity has been presented to the server/framework.</p> 40 <p>The code for an authenticator usually looks like this:</p> 41 <pre>class MyAuthenticator:<br /><br /> "This is an authenticator - something which decides whether a user is known to the application."<br /><br /> def authenticate(self, trans):<br /> user = trans.get_user()<br /> [Make a decision about the validity of the user.]<br /> [Return a true value if the user is allowed to access the application.]<br /> [Return a false value if the user is not recognised or allowed to access the application.]<br /><br /> def get_auth_type(self):<br /> "This method returns 'Basic' in most deployments."<br /> return "Basic"<br /><br /> def get_realm(self):<br /> "This method returns something to distinguish this authentication mechanism from others."<br /> return "MyRealm"</pre> 42 <p>In this mechanism, authenticators rely on authentication information 43 from 44 the server environment and have a "global" effect on access to the 45 application. 46 However, it is always possible to test the user identity later on and 47 to 48 change the way an application behaves accordingly - see <a 49 href="users.html">"Users and Authentication"</a> for more information.</p> 50 <h2>Introducing an Authenticator</h2> 51 <p>Authenticator objects are created in the adapter code - see <a 52 href="writing-adapters.html">"Writing Adapters"</a> for more 53 information.</p> 54 <h2>Anonymous Access</h2> 55 <p>With application-wide authenticators, anonymous access to resources 56 and 57 applications can be difficult to permit alongside access by specific 58 users, 59 mostly because servers and frameworks which employ HTTP authentication 60 schemes do so globally for a given application.</p> 61 <h2>Logout Functions</h2> 62 <p>With application-wide authenticators, a logout function may not be 63 available if the server/framework has been configured to use HTTP 64 authentication schemes, mainly because no logout mechanism generally 65 exists 66 for such schemes.</p> 67 </body> 68 </html>