[Seaside] How can I access the authenticated user of a request?

Ian Prince ian at inextenso.com
Wed Oct 29 09:35:32 CET 2003 

On 29 oct. 03, at 09:08, Avi Bryant wrote:

> Ian Prince wrote:
>
>> My question: is it necessary to do so, isn't the basic authentication 
>> username-password given by the browser's in the http request headers? 
>> If so, how can I access them (or any other headers such as cookies)?
>
> There are several methods you could override that see the request as 
> it goes past, but the request is currently never stored anywhere, so 
> it's not easy to access it from arbitrary code.  I'm not entirely sure 
> that's a bad thing - the HTTP request is not an abstraction I want 
> people to be thinking about very often, if at all, and so if there's 
> anything useful in the request I'd prefer to provide some higher level 
> way of getting at it.  Given that, let me fire the question right back 
> at you - how *should* you be able to access it?

I guess I have been spoiled/ruined by using Zope for too long. In Zope  
you always have the REQUEST object available in DTML. I have no idea 
how this/should this be "translated" into Seaside.

> And what would you use this access for?

In this particular case users are authenticated against a large on-disk 
file of username/passwords. Once a user has an authenticated session he 
or she has restricted access to the filesystem based on the username 
entered.

In retrospect, nearly all the Zope applications I write have REQUEST 
scattered all over the place. Of course, this is because I'm accessing 
session state variables such as username, cookie this and cookie that - 
which won't be necessary in my Seaside apps - so I think I see where 
you are pointing to now.

OK, I'll go back to my code and store the username as an instance 
variable!

Thanks for the input.

Ian.

P.S. on second thought wouldn't access to (say) request cookies be 
useful for retrieving long-lasting seaside-session-independent user 
preferences (e.g. retrieving an email address a user had previously 
entered in a "old" seaside session).


> Avi
>
> _______________________________________________
> Seaside mailing list
> Seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/listinfo/seaside

More information about the Seaside mailing list