Fix authentication policy example.

Closes #137

1 files changed, 13 insertions, 2 deletions

diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index 6e07c9338..c7a07b857 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -564,12 +564,23 @@ that implements the following interface:
 
    class AuthenticationPolicy(object):
        """ An object representing a Pyramid authentication policy. """
+
        def authenticated_userid(self, request):
            """ Return the authenticated userid or ``None`` if no
-           authenticated userid can be found. """
+           authenticated userid can be found. This method of the policy 
+           should ensure that a record exists in whatever persistent store is 
+           used related to the user (the user should not have been deleted); 
+           if a record associated with the current id does not exist in a 
+           persistent store, it should return ``None``."""
+
+       def unauthenticated_userid(self, request):
+           """ Return the *unauthenticated* userid.  This method performs the
+           same duty as ``authenticated_userid`` but is permitted to return the
+           userid based only on data present in the request; it needn't (and
+           shouldn't) check any persistent store to ensure that the user record
+           related to the request userid exists."""
 
        def effective_principals(self, request):
-
            """ Return a sequence representing the effective principals
            including the userid and any groups belonged to by the current
            user, including 'system' groups such as