[railroad-dev] "Authorization Required" when accessing formupload

Julian Davison julian-railroad at tech.cbhs.school.nz
Wed Apr 6 05:06:48 MEST 2005 

Tom Lazar wrote:
> when I point my browser to
> 
> http://media.home.tomster.org/rrr/service/formupload

One thing I have found with Railroad is that bits of it
don't work in isolation.
The 'formupload' is for adding content to the repository,
and expects specific data in a POST. I think the requirements
are actually in the docs (I forget whether I found some things
in the docs or the source :) but it's easiest to just use the
provided upload form and adjust it.


> I get
> 
> --snip--
> Authorization Required
> 
> This server could not verify that you are authorized to access the 
> document requested. Either you supplied the wrong credentials (e.g., bad 
> password), or your browser doesn't understand how to supply the 
> credentials required.
> Apache/2.0.53 (FreeBSD) mod_ssl/2.0.53 OpenSSL/0.9.7d DAV/2 
> mod_python/3.1.4 Python/2.3.5 Server at media.home.tomster.org Port 80
> --snap--
> 
> - how can I pass the credentials?
> - WHAT are the credentials? the username and password of the database 
> user? a plone user?
> 
> still puzzled,

Railroad is, effectively, a two part entity.

The WebDAV Railroad repository only stores the actual data
(file, image, mpeg, etc) and associated meta-data
(description, copyright, etc).

The (Plone) interface provides the fun menus/directories/structure
and views on the metadata. It also (again, effetively) handles the
access control, determining who can access what, so this is where
your users/usernames/passwords live.

As the repository also has to be able to verify that a request
is allowed (as its the one that's actually delivering the data)
it must interact with the interface in order to validate accesses.
When you request something from the repository, it asks Plone
(or whatever URL you've provided it with) whether or not the
specified object permits access by the username/password pair
provided.
If the username/password isn't allowed access a regular 401
'Authorisation required' is returned.
(The username and password may, in fact, not be provided,
  which is also okay for those objects which anyone may
  access)

Hopefully that made sense.

The quirk which means this is relevant for the formupload is
that, before Railroad will allow you to do anything at all to
data in the repository (including add it in the first place),
a corresponding proxy object must exist so that Railroad can
determine that you are allowed change access to it.

Getting the authorisation setup has tripped a few people up :)


J,

More information about the railroad-dev mailing list