author Karl O. Pinc <kop@meme.com> 2014-08-12 22:33:48 -0500
committer Karl O. Pinc <kop@meme.com> 2014-08-12 23:53:22 -0500
commit a0cba72fb9925a1476ebf0848fa6ae07bbea5840
tree 430622c9c380ac15a12dea149e9e09db14b08871
parent dc324784193a577bc039dcddb0651ef5ec9e6f57
Docs: Include the concept of credentials in the high level security overview.
-rw-r--r-- docs/narr/security.rst 9
1 files changed, 8 insertions, 1 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index f3879d0ba..29c62d9f3 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -13,6 +13,11 @@ authorization system can use the credentials in the :term:`request`
along with the :term:`context` resource to determine if access will be
allowed. Here's how it works at a high level:
+- A user may or may not have previously visited the application and
+ supplied authentication credentials, including a :term:`userid`. If
+ so, the application may have called
+ :func:`pyramid.security.remember` to remember these.
+
- A :term:`request` is generated when a user visits the application.
- Based on the request, a :term:`context` resource is located through
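Review bot: In the added first bullet, "remember these" leaves it unclear what is actually retained: the antecedent is "authentication credentials, including a :term:`userid`", which a reader can take to mean that everything the user supplied (a password, for example) is remembered. The second hunk speaks of the remembered :term:`userid`, so it would be safer to say here that :func:`pyramid.security.remember` is called to remember the userid, and to name any other remembered data explicitly. The bullet also describes state left over from an earlier visit rather than a step, yet it now leads a list introduced as "Here's how it works at a high level:" that otherwise walks through the handling of a single request; consider moving it into the introductory paragraph or opening it with something like "Before this request, ..." so the ordering reads correctly.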
@@ -25,7 +30,9 @@ allowed. Here's how it works at a high level:
context as well as other attributes of the request.
- If an :term:`authentication policy` is in effect, it is passed the
- request; it returns some number of :term:`principal` identifiers.
+ request. Based on the request and the remembered (or lack of)
+ :term:`userid` and related credentials it returns some number of
+ :term:`principal` identifiers.
- If an :term:`authorization policy` is in effect and the :term:`view
configuration` associated with the view callable that was found has
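Review bot: The added sentence "Based on the request and the remembered (or lack of) :term:`userid` and related credentials it returns" is hard to parse: "(or lack of)" is ungrammatical where it sits, and a comma is missing before "it returns". Something like "Based on the request and any remembered :term:`userid` and related credentials, it returns some number of :term:`principal` identifiers." says the same thing. "Related credentials" is also undefined at this point; if it refers to whatever was remembered alongside the userid, say so, so that the overview does not suggest the authentication policy has access to the credentials the user originally supplied.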