On Fri, 20 Jul 2007 00:03:33 +0100, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
How does one get the username for a given request? Bearing in mind that a guard session's username may have been gathered via an HTML form and not be present on subsequent requests.
What is a username? What if the HTML form presents a CAPTCHA image as a challenge instead of a username/password login? The IResource which is responding to a request (either by satisfying a locateChild call or a renderHTTP call) _is_ the user. For requirements beyond that (and they should be few and far between), you have to impose a limit on exactly what kind of authentication your code will work with and supply a realm which will create avatars (IResource providers) with whatever additional information you need them to have (e.g., an HTTP auth username, or the username field of an HTML form, or the CN field of an SSL certificate, or whatever).

Jean-Paul
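A small model of the arrangement described in the reply above, added here as an illustration; it is not part of the original message and not Nevow's or Twisted's own code. It is plain Python with no Twisted import: only the `requestAvatar(avatarId, mind, *interfaces)` shape and the `renderHTTP` method name follow the real interfaces, while `Identity`, `UserPage`, `LoginPage`, `Realm`, `render_for` and the `ANONYMOUS` stand-in are hypothetical names.

```python
# Stand-in model of the realm/avatar pattern; plain Python, no Twisted import.
from dataclasses import dataclass

ANONYMOUS = ()  # stand-in for the avatar id used for unauthenticated sessions


@dataclass(frozen=True)
class Identity:
    """What the realm chose to record about how the session authenticated."""
    name: str
    source: str  # "http-auth", "html-form" or "ssl-cn"


class UserPage:
    """Avatar: the resource *is* the user, so the identity lives on it."""

    def __init__(self, identity):
        self.identity = identity

    def renderHTTP(self, request):
        # The request is never inspected for credentials: a form login left
        # nothing on this request, yet the avatar still knows who it is.
        return f"Hello {self.identity.name} (via {self.identity.source})"


class LoginPage:
    """Avatar handed to unauthenticated sessions."""

    def renderHTTP(self, request):
        return "Please log in"


class Realm:
    """Mirrors the shape of requestAvatar(avatarId, mind, *interfaces)."""

    def __init__(self, source):
        self.source = source  # the one kind of authentication this site accepts

    def requestAvatar(self, avatarId, mind, *interfaces):
        if avatarId == ANONYMOUS:
            return interfaces[0], LoginPage(), lambda: None
        page = UserPage(Identity(name=avatarId, source=self.source))
        return interfaces[0], page, lambda: None  # third item is the logout hook


def render_for(realm, avatarId, request=None):
    """Constructed driver: build the avatar once, then render a later request."""
    _iface, avatar, _logout = realm.requestAvatar(avatarId, None, "IResource")
    return avatar.renderHTTP(request)
```

Because the identity is fixed on the avatar when the realm builds it, a later request cannot change who the resource acts for by altering what it sends.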