Security Components for Zope 3 Applications

This package provides several components integrating the Zope security implementation into zope 3 applications.

Detailed Dcoumentation

Global principal definition

Global principals are defined via ZCML. There are several kinds of principals that can be defined.

Authenticated Users

There are principals that can log in:

>>> zcml("""
...    <configure
...        xmlns=""
...        >
...      <principal
...         id="zope.manager"
...         title="Manager"
...         description="System Manager"
...         login="admin"
...         password_manager="SHA1"
...         password="40bd001563085fc35165329ea1ff5c5ecbdbbeef"
...         />
...    </configure>
... """)
>>> import pprint
>>> from import principalRegistry
>>> [p] = principalRegistry.getPrincipals('')
>>>, p.title, p.description, p.getLogin(), p.validate('123')
('zope.manager', u'Manager', u'System Manager', u'admin', True)

The unauthenticated principal

There is the unauthenticated principal:

>>> zcml("""
...    <configure
...        xmlns=""
...        >
...      <unauthenticatedPrincipal
...         id="zope.unknown"
...         title="Anonymous user"
...         description="A person we don't know"
...         />
...    </configure>
... """)
>>> p = principalRegistry.unauthenticatedPrincipal()
>>>, p.title, p.description
('zope.unknown', u'Anonymous user', u"A person we don't know")

The unauthenticated principal will also be registered as a utility. This is to provide easy access to the data defined for the principal so that other (more featureful) principal objects can be created for the same principal.

>>> from zope import component
>>> from import interfaces
>>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
>>>, p.title, p.description
('zope.unknown', u'Anonymous user', u"A person we don't know")

The unauthenticated group

An unauthenticated group can also be defined in ZCML:

>>> zcml("""
...    <configure
...        xmlns=""
...        >
...      <unauthenticatedGroup
...         id="zope.unknowngroup"
...         title="Anonymous users"
...         description="People we don't know"
...         />
...    </configure>
... """)

This directive creates a group and registers it as a utility providing IUnauthenticatedGroup:

>>> g = component.getUtility(interfaces.IUnauthenticatedGroup)
>>>, g.title, g.description
('zope.unknowngroup', u'Anonymous users', u"People we don't know")

The unauthenticatedGroup directive also updates the group of the unauthenticated principal:

>>> p = principalRegistry.unauthenticatedPrincipal()
>>> in p.groups
>>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
>>> in p.groups

If the unauthenticated principal is defined after the unauthenticated group, it will likewise have the group added to it:

>>> reset()
>>> zcml("""
...    <configure
...        xmlns=""
...        >
...      <unauthenticatedGroup
...         id="zope.unknowngroup2"
...         title="Anonymous users"
...         description="People we don't know"
...         />
...      <unauthenticatedPrincipal
...         id="zope.unknown2"
...         title="Anonymous user"
...         description="A person we don't know"
...         />
...    </configure>
... """)
>>> g = component.getUtility(interfaces.IUnauthenticatedGroup)
>>>, g.title, g.description
('zope.unknowngroup2', u'Anonymous users', u"People we don't know")
>>> p = principalRegistry.unauthenticatedPrincipal()
>>>, in p.groups
('zope.unknown2', True)
>>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
>>>, in p.groups
('zope.unknown2', True)

The unauthenticated group shows up as a principal in the principal registry:

>>> principalRegistry.getPrincipal( == g
>>> list(principalRegistry.getPrincipals("Anonymous")) == [g]

The authenticated group

There is an authenticated group:

>>> reset()
>>> zcml("""
...    <configure
...        xmlns=""
...        >
...      <unauthenticatedPrincipal
...         id="zope.unknown3"
...         title="Anonymous user"
...         description="A person we don't know"
...         />
...      <principal
...         id="zope.manager2"
...         title="Manager"
...         description="System Manager"
...         login="admin"
...         password="123"
...         />
...      <authenticatedGroup
...         id="zope.authenticated"
...         title="Authenticated users"
...         description="People we know"
...         />
...      <principal
...         id="zope.manager3"
...         title="Manager 3"
...         login="admin3"
...         password="123"
...         />
...    </configure>
... """)

It defines an IAuthenticatedGroup utility:

>>> g = component.getUtility(interfaces.IAuthenticatedGroup)
>>>, g.title, g.description
('zope.authenticated', u'Authenticated users', u'People we know')

It also adds it self to the groups of any non-group principals already defined, and, when non-group principals are defined, they put themselves in the group if it’s defined:

>>> principals = list(principalRegistry.getPrincipals(''))
>>> principals.sort(lambda p1, p2: cmp(,
>>> for p in principals:
...    print, p.groups == []
zope.authenticated False
zope.manager2 True
zope.manager3 True

Excluding unauthenticated principals, of course:

>>> p = principalRegistry.unauthenticatedPrincipal()
>>>, in p.groups
('zope.unknown3', False)
>>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
>>>, in p.groups
('zope.unknown3', False)

The everybody group

Finally, there is an everybody group:

>>> reset()
>>> zcml("""
...    <configure
...        xmlns=""
...        >
...      <unauthenticatedPrincipal
...         id="zope.unknown4"
...         title="Anonymous user"
...         description="A person we don't know"
...         />
...      <principal
...         id="zope.manager4"
...         title="Manager"
...         description="System Manager"
...         login="admin"
...         password="123"
...         />
...      <everybodyGroup
...         id="zope.everybody"
...         title="Everybody"
...         description="All People"
...         />
...      <principal
...         id="zope.manager5"
...         title="Manager 5"
...         login="admin5"
...         password="123"
...         />
...    </configure>
... """)

The everybodyGroup directive defines an IEveryoneGroup utility:

>>> g = component.getUtility(interfaces.IEveryoneGroup)
>>>, g.title, g.description
('zope.everybody', u'Everybody', u'All People')

It also adds it self to the groups of any non-group principals already defined, and, when non-group principals are defined, they put themselves in the group if it’s defined:

>>> principals = list(principalRegistry.getPrincipals(''))
>>> principals.sort(lambda p1, p2: cmp(,
>>> for p in principals:
...    print, p.groups == []
zope.everybody False
zope.manager4 True
zope.manager5 True

Including unauthenticated principals, of course:

>>> p = principalRegistry.unauthenticatedPrincipal()
>>>, in p.groups
('zope.unknown4', True)
>>> p = component.getUtility(interfaces.IUnauthenticatedPrincipal)
>>>, in p.groups
('zope.unknown4', True)

Note that it is up to IAuthentication implementations to associate these groups with their principals, as appropriate.

The system_user

There is also a system_user that is defined in the code. It will be returned from the getPrincipal method of the registry.

>>> import
>>> import
>>> auth =
>>> system_user = auth.getPrincipal(u'')
>>> system_user is

Logout Support

Logout support is defined by a simple interface ILogout:

>>> from import ILogout

that has a single ‘logout’ method.

The current use of ILogout is to adapt an IAuthentication component to ILogout To illustrate, we’ll create a simple logout implementation that adapts IAuthentication:

>>> class SimpleLogout(object):
...     adapts(IAuthentication)
...     implements(ILogout)
...     def __init__(self, auth):
...         pass
...     def logout(self, request):
...         print 'User has logged out'
>>> provideAdapter(SimpleLogout)

and something to represent an authentication utility:

>>> class Authentication(object):
...     implements(IAuthentication)
>>> auth = Authentication()

To perform a logout, we adapt auth to ILogout and call ‘logout’:

>>> logout = ILogout(auth)
>>> logout.logout(TestRequest())
User has logged out

The ‘NoLogout’ Adapter

The class:

>>> from import NoLogout

can be registered as a fallback provider of ILogout for IAuthentication components that are not otherwise adaptable to ILogout. NoLogout’s logout method is a no-op:

>>> NoLogout(auth).logout(TestRequest())

Logout User Interface

Because some authentication protocols do not formally support logout, it may not be possible for a user to logout once he or she has logged in. In such cases, it would be inappropriate to present a user interface for logging out.

Because logout support is site-configurable, Zope provides an adapter that, when registered, indicates that the site is configured for logout:

>>> from import LogoutSupported

This class merely serves as a flag as it implements ILogoutSupported:

>>> from import ILogoutSupported
>>> ILogoutSupported.implementedBy(LogoutSupported)

For more information on login/logout UI, see zope/app/security/browser/loginlogout.txt.

The Query View for Authentication Utilities

A regular authentication service will not provide the ISourceQueriables interface, but it is a queriable itself, since it provides the simple getPrincipals(name) method:

>>> class Principal:
...     def __init__(self, id):
... = id
>>> class MyAuthUtility:
...     data = {'jim': Principal(42), 'don': Principal(0),
...             'stephan': Principal(1)}
...     def getPrincipals(self, name):
...         return [principal
...                 for id, principal in
...                 if name in id]

Now that we have our queriable, we create the view for it:

>>> from import AuthUtilitySearchView
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> view = AuthUtilitySearchView(MyAuthUtility(), request)

This allows us to render a search form.

>>> print view.render('test') # doctest: +NORMALIZE_WHITESPACE
<div class="row">
<div class="label">
Search String
<div class="field">
<input type="text" name="test.searchstring" />
<div class="row">
<div class="field">
<input type="submit" name="" value="Search" />

If we ask for results:

>>> view.results('test')

We don’t get any, since we did not provide any. But if we give input:

>>> request.form['test.searchstring'] = 'n'

we still don’t get any:

>>> view.results('test')

because we did not press the button. So let’s press the button:

>>> request.form[''] = 'Search'

so that we now get results (!):

>>> ids = list(view.results('test'))
>>> ids.sort()
>>> ids
[0, 1]

Login/Logout Snippet

The class LoginLogout:

>>> from import LoginLogout

is used as a view to generate an HTML snippet suitable for logging in or logging out based on whether or not the current principal is authenticated.

When the current principal is unauthenticated, it provides IUnauthenticatedPrincipal:

>>> from import IUnauthenticatedPrincipal
>>> from import UnauthenticatedPrincipal
>>> anonymous = UnauthenticatedPrincipal('anon', '', '')
>>> IUnauthenticatedPrincipal.providedBy(anonymous)

When LoginLogout is used for a request that has an unauthenticated principal, it provides the user with a link to ‘Login’:

>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> request.setPrincipal(anonymous)
>>> LoginLogout(None, request)()
u'<a href="@@login.html?nextURL=http%3A//">[Login]</a>'

Logout, however, behaves differently. Not all authentication protocols (i.e. credentials extractors/challengers) support ‘logout’. Furthermore, we don’t know how an admin may have configured Zope’s authentication. Our solution is to rely on the admin to tell us explicitly that the site supports logout.

By default, the LoginLogout snippet will not provide a logout link for an unauthenticated principal. To illustrate, we’ll first setup a request with an unauthenticated principal:

>>> from import IPrincipal
>>> from zope.interface import implements
>>> class Bob:
...     implements(IPrincipal)
...     id = 'bob'
...     title = description = ''
>>> bob = Bob()
>>> IUnauthenticatedPrincipal.providedBy(bob)
>>> request.setPrincipal(bob)

In this case, the default behavior is to return None for the snippet:

>>> print LoginLogout(None, request)()

To show a logout prompt, an admin must register a marker adapter that provides the interface:

>>> from import ILogoutSupported

This flags to LoginLogout that the site supports logout. There is a ‘no-op’ adapter that can be registered for this:

>>> from import LogoutSupported
>>> from import ztapi
>>> ztapi.provideAdapter(None, ILogoutSupported, LogoutSupported)

Now when we use LoginLogout with an unauthenticated principal, we get a logout prompt:

>>> LoginLogout(None, request)()
u'<a href="@@logout.html?nextURL=http%3A//">[Logout]</a>'

Principal Terms

Principal Terms are used to support browser interfaces for searching principal sources. They provide access to tokens and titles for values. The principal terms view uses an authentication utility to get principal titles. Let’s create an authentication utility to demonstrate how this works:

>>> class Principal:
...     def __init__(self, id, title):
..., self.title = id, title
>>> from zope.interface import implements
>>> from import IAuthentication
>>> from import PrincipalLookupError
>>> class AuthUtility:
...     implements(IAuthentication)
...     data = {'jim': 'Jim Fulton', 'stephan': 'Stephan Richter'}
...     def getPrincipal(self, id):
...         title =
...         if title is not None:
...             return Principal(id, title)
...         raise PrincipalLookupError

Now we need to install the authentication utility:

>>> from import ztapi
>>> ztapi.provideUtility(IAuthentication, AuthUtility())

We need a principal source so that we can create a view from it.

>>> from import zapi
>>> class PrincipalSource:
...     def __contains__(self, id):
...          auth = zapi.getUtility(IAuthentication)
...          try:
...              auth.getPrincipal(id)
...          except PrincipalLookupError:
...              return False
...          else:
...              return True

Now we can create an terms view:

>>> from import PrincipalTerms
>>> terms = PrincipalTerms(PrincipalSource(), None)

Now we can ask the terms view for terms:

>>> term = terms.getTerm('stephan')
>>> term.title
'Stephan Richter'
>>> term.token

If we ask for a term that does not exist, we get a lookup error:

>>> terms.getTerm('bob')
Traceback (most recent call last):
LookupError: bob

If we have a token, we can get the principal id for it.

>>> terms.getValue('c3RlcGhhbg__')


3.5.0 (2008-02-05)

  • returns when its id is used for the search key.

3.4.0 (2007-10-27)

  • Initial release independent of the main Zope tree.

