Re: [Zopexmlmethods-users] permission problem when importing xslt

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello:

In order to understand your problem, I would need to see the URL you are 
using for importing.
However, here is some information that might be helpful.

When you make an HTTP request to Zope, you get authenticated.  That 
information is then
a part of the REQUEST parameter.  As long as you hang on to the REQUEST 
parameter,
Zope will use the same authentication information.

However, if you go back out and request a URL directly eg *NOT FROM A 
BROWSER*
such as the following:

xsl:include href="http://www.acme.com/foo/bar.xsl"

you are not using the REQUEST parameter, and Zope will treat this as an 
anonymous
request.  That is because the above statement translates more or less 
directly to the python

urllib.urlopen()

-- please see the Python reference for details. 

In order to avoid this problem, you should use the URN resolver (see the 
documentation)
or relative URLs.  Internally, I made ZopeXMLMethods translate relative 
URLs (or URNs) into Zope
object traversals so that the security context is maintained.  That is 
the *only* way I know
how to maintain the context, otherwise it is lost and you have the 
problem you observed.
While debugging ZopeXMLMethods, I saw this error message many times!

Caveat:  in order to translate relative URLs into Zope traversals, I 
require certain resolver
hooks that are not available in all libraries.  You should check the 
documentation to see if
it is working with the library you are using.  Of course, ZopeXMLMethods 
is being updated,
and the new 1.1 version is not done yet.   I hope to release the new 
version relatively soon,
but have been slammed with lots of client (paying) work recently. 

Hope this helps,

--Craeg

Giuseppe Bonelli wrote:

>Hi all,
>I have the following permission problem I am trying to debug and I hope
>someone can help.
>
>Here is my situation:
>I have a method which call an xslt transform (using
>FourSuite11Processor) and everything goes well unless when the xslt
>import another xsl via <xsl:import href="..."/> (yes, the URI passed for
>resolving imports is correct).
>
>In this case, an extra authorization step is required from within the
>python console (_not_ through Zope login widget), after which everything
>works normally.
>
>In the log a got the following entry (styleSheet.xsl is the xsl being
>imported from the calling xsl):
>
>127.0.0.1  - Anonymous [12/Aug/2003:13:58:25 +0200] "GET styleSheet.xsl
>HTTP/1.0" 401 803 "" "Python-urllib/1.15"
>
>Obviously I already authenticated myself when starting the Zope session.
>
>It seems the security context gets lost when importing, but I cannot
>understand how can I resolve this.
>
>I am probably missing something very simple, ... but I don't get it !!
>
>Any ideas ?
>
>I am using 1-1-0a.
>
>Thanks,
>
>__peppo
>
>
>
>  
>