Authorisation algorithm

by Plone Documentation Team last modified Dec 30, 2008 03:07 PM
Contributors: Mikko Ohtamma, Martin Aspeli, Kamon Ayeva, Israel Saeta Pérez

These are the steps the PAS user folder follows in its validate method:

  1. Extract all credentials. This looks for any possible form of authentication information in the request: HTTP cookies, HTTP form parameters, HTTP authentication headers, originating IP address, etc. A request can have multiple (or no) sets of credentials.
  2. For each set of credentials found:
     1. Try to authorise (authenticate) the credentials. This checks whether the credentials correspond to a known user and are valid.
     2. Create a user instance.
     3. Try to authorise the request. If successful, use this user and stop further processing.
  3. Create an anonymous user.
  4. Try to authorise the request using the anonymous user. If successful, use this user; if not:
  5. Issue a challenge.
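The following is an added, self-contained Python model of the five steps above. It is illustration code, not Plone's or PAS's own implementation: the request is a plain dict, the extraction and authentication plugins are simple functions (real PAS uses the IExtractionPlugin, IAuthenticationPlugin and IChallengePlugin interfaces with different signatures), and the accounts, session cookies and helper names (`make_request`, `basic_auth_header`, `validate`) are all constructed for the example. What it shows that the list alone does not: a request carrying several credential sets is tried set by set, a set that fails authentication is skipped rather than aborting the whole flow, an authenticated user who lacks the required role still falls through to the anonymous check, and only when anonymous is also refused is a challenge issued.

```python
import base64
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: str
    roles: frozenset


ANONYMOUS = User("Anonymous User", frozenset({"Anonymous"}))

# Constructed sample accounts (login -> (password, roles)); not real data.
ACCOUNTS = {
    "alice": ("s3cret", frozenset({"Member"})),
    "bob": ("hunter2", frozenset({"Manager", "Member"})),
}
# Constructed session-cookie table (cookie value -> user id).
SESSIONS = {"tok-bob": "bob"}


def basic_auth_header(login, password):
    """Build an HTTP Basic Authorization header value for a sample request."""
    return "Basic " + base64.b64encode(f"{login}:{password}".encode()).decode()


def make_request(auth=None, cookie=None):
    """Hypothetical request object: a dict standing in for Zope's HTTPRequest."""
    req = {"headers": {}, "cookies": {}, "challenged": False}
    if auth:
        req["headers"]["Authorization"] = auth
    if cookie:
        req["cookies"]["__ac"] = cookie
    return req


# --- step 1: extraction plugins, one per credential source -------------------
def extract_basic(request):
    auth = request["headers"].get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        login, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except ValueError:  # malformed header: no credentials, not a server error
        return None
    return {"login": login, "password": password}


def extract_cookie(request):
    token = request["cookies"].get("__ac")
    return {"cookie": token} if token else None


# --- step 2.1: authentication plugins, each returns a user id or None --------
def authenticate_password(creds):
    account = ACCOUNTS.get(creds.get("login", ""))
    if account is None:
        return None
    stored_password, _roles = account
    # Constant-time comparison so a wrong password does not leak by timing.
    if hmac.compare_digest(stored_password, creds.get("password", "")):
        return creds["login"]
    return None


def authenticate_cookie(creds):
    return SESSIONS.get(creds.get("cookie", ""))


EXTRACTORS = [extract_basic, extract_cookie]
AUTHENTICATORS = [authenticate_password, authenticate_cookie]


def make_user(user_id):
    """Step 2.2: build a user instance from the id the authenticator returned."""
    return User(user_id, ACCOUNTS[user_id][1])


def authorised(user, required_roles):
    """Steps 2.3 and 4: the user may proceed if it holds any required role."""
    return bool(user.roles & frozenset(required_roles))


def validate(request, required_roles):
    """Return the user allowed to perform the request, or None after a challenge."""
    credential_sets = [c for ext in EXTRACTORS if (c := ext(request))]  # step 1
    for creds in credential_sets:                                        # step 2
        user_id = next((uid for a in AUTHENTICATORS if (uid := a(creds))), None)
        if user_id is None:
            continue                      # unknown/invalid credentials: next set
        user = make_user(user_id)
        if authorised(user, required_roles):
            return user                   # first authorised user wins
    if authorised(ANONYMOUS, required_roles):                            # steps 3-4
        return ANONYMOUS
    request["challenged"] = True          # step 5: e.g. 401 + WWW-Authenticate
    return None
```

Note the ordering consequence: because the flow returns on the first credential set that both authenticates and authorises, the order of extraction plugins decides which identity a request with several credential sets ends up with.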