1.1 --- a/docs/Zope/NOTES.txt Sun Sep 19 17:12:37 2004 +0000
1.2 +++ b/docs/Zope/NOTES.txt Sun Sep 19 17:12:43 2004 +0000
1.3 @@ -21,3 +21,27 @@
1.4 URL; for example:
1.5
1.6 http://localhost:8080/test
1.7 +
1.8 +--------
1.9 +
1.10 +Authentication/authorisation in Zope:
1.11 +
1.12 +Like mod_python (and Apache), Zope prevents application-level control over
1.13 +HTTP Basic authentication. However, the authenticator approach can still be
1.14 +used to control access to resources. When the Auth example is deployed in a
1.15 +normal "public" folder in a Zope instance, it is possible to merely supply the
1.16 +desired username and any password to satisfy the elementary security check.
1.17 +However, should the Auth example be deployed in a folder with its own access
1.18 +controls, then all access to the application must first go through the Zope
1.19 +security checks (which entail the proper authentication of the user through
1.20 +the validation of the user's password) before being validated by the
1.21 +elementary security check performed in the AuthAuthenticator class.
1.22 +
1.23 +To set up such a protected folder, do the following in the Zope management
1.24 +interface:
1.25 +
1.26 + * Choose "Folder" in the menu of objects to add.
1.27 + * Choose an "Id" and "Title", and to "Create user folder", then "Add".
1.28 + * Choose the new folder.
1.29 + * Add appropriate users to the "acl_users" folder inside the new folder.
1.30 + * Add WebStack resources to the new folder.
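Review bot: In the setup list at the end of this hunk, none of the five steps says what makes the new folder refuse unauthenticated requests. The list creates a user folder, adds users to "acl_users" and adds the WebStack resources, but no step restricts access to the folder itself. If a change to the folder's security settings is needed before the Zope security checks described in the paragraph above apply, add it as an explicit step; otherwise say that creating the user folder is sufficient. In the paragraph, the statement that in a "public" folder the desired username with any password satisfies the check should be presented as a limitation of the Auth example (the check in AuthAuthenticator does not validate the password), so readers do not deploy it as authentication on its own. Minor: 'and to "Create user folder"' in the second step is missing a verb, for instance 'and select "Create user folder"'.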