WebStack

docs/users.html

732:7f1f02b485f8
2007-11-12 paulb [project @ 2007-11-12 00:50:03 by paulb] Introduced base classes for common authentication activities. Made cookie usage "safe" for usernames containing ":" characters. Added support for OpenID signatures.
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type" />
  <title>Users and Authentication</title>
  <link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Users and Authentication</h1>
<p>One way of discovering the identity of the user sending a request
into your application is to test the identity using methods on the
transaction object. Before this can be made to work, you must set
up authentication for your application, as described in <a
 href="securing.html">"Securing a WebStack Application"</a>. Once
authentication is working, every request that arrives in the
application will have the identity of the user attached automatically.</p>
<h2>Uses of User Identity</h2>
<p>Having access to a user's identity can be useful in making decisions
about which operations that user is able to perform within your
application. Moreover, the user identity provided by authentication
mechanisms can tell you more about who that user is, as opposed to
typical session information which, on its own, can only really confirm
that the user in question has visited the application before.</p>
<div class="WebStack">
<h3>WebStack API - User Identity</h3>
<p>Transaction objects have the following methods for inspecting and
redefining the identity of users:</p>
<dl>
  <dt><code>get_user</code></dt>
  <dd>This gets the name of the user attempting to access the
application.</dd>
  <dt><code>set_user</code></dt>
  <dd>This sets the name of the user, thus affecting subsequent calls
to <code>get_user</code>, allowing certain parts of an application to
view users according to other criteria than their basic username - for
example, one might use <code>set_user</code> to redefine each user's
identity in terms of the role that user may have in an application.</dd>
</dl>
</div>
</body>
</html>
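The role redefinition described for `set_user` above, as an added example that is not part of the WebStack documentation or code base: a wrapper resource maps the authenticated username to a role before delegating, and falls back to the least-privileged role for unknown or missing users. `StubTransaction`, `RoleMapper`, `AdminOnly`, `handle`, the role table and the assumption that `get_user` yields `None` for an unauthenticated request are all hypothetical; only `get_user` and `set_user` come from the page.

```python
# Added example: StubTransaction stands in for a WebStack transaction and
# implements only the two methods documented on this page.
ROLES = {"alice": "editor", "bob:ops": "admin"}  # constructed sample data
DEFAULT_ROLE = "guest"                           # least-privilege fallback


class StubTransaction:
    def __init__(self, user=None):
        self._user = user   # None models an unauthenticated request (assumption)
        self.output = []

    def get_user(self):
        return self._user

    def set_user(self, username):
        self._user = username


class RoleMapper:
    """Rewrites the user identity to a role, then delegates to the wrapped resource."""

    def __init__(self, resource, roles, default=DEFAULT_ROLE):
        self.resource, self.roles, self.default = resource, roles, default
        self.audit = []     # set_user overwrites the username, so record it first

    def respond(self, trans):
        user = trans.get_user()
        # Exact-match lookup: a username that merely looks like a role name
        # (for example "admin") is not in the table and gets the default role.
        role = self.roles.get(user, self.default) if user is not None else self.default
        self.audit.append((user, role))
        trans.set_user(role)
        self.resource.respond(trans)


class AdminOnly:
    """Inner resource that sees only roles, never raw usernames."""

    def respond(self, trans):
        allowed = trans.get_user() == "admin"
        trans.output.append("admin page" if allowed else "forbidden")


def handle(user):
    """Run one request through the mapper; return (identity seen downstream, response)."""
    trans = StubTransaction(user)
    RoleMapper(AdminOnly(), ROLES).respond(trans)
    return trans.get_user(), trans.output[0]
```

Once `set_user` is in use, role names and usernames share one namespace, so any resource that checks roles has to sit behind the mapper on every request path.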