From 47b4d3ee62dfdb830a83192907b0602218f9ab5e Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Fri, 3 Oct 2008 20:11:06 +0000 Subject: Docs - An "Environment and Configuration" chapter was added to the narrative portion of the documentation. Features - Ensure bfg doesn't generate warnings when running under Python 2.6. - The environment variable ``BFG_RELOAD_TEMPLATES`` is now available (serves the same purpose as ``reload_templates`` in the config file). - A new configuration file option ``debug_authorization`` was added. This turns on printing of security authorization debug statements to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment variable was also added; this performs the same duty. Bug Fixes - The environment variable ``BFG_SECURITY_DEBUG`` did not always work. It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed. Deprecations - A deprecation warning is now issued when old API names from the ``repoze.bfg.templates`` module are imported. Backwards incompatibilities - The ``BFG_SECURITY_DEBUG`` environment variable was renamed to ``BFG_DEBUG_AUTHORIZATION``. --- docs/narr/security.rst | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'docs/narr/security.rst') diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 1053ccc42..b57ad2958 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -164,16 +164,27 @@ be performed. See :ref:`location_module` for documentations of functions which use location-awareness. -Debugging Security Failures ---------------------------- +.. _debug_authorization_section: -If your application is allowing or denying access inappropriately (in -your judgment), start your application under a shell using the -``BFG_SECURITY_DEBUG`` environment variable. For example:: +Debugging Authorization Failures +-------------------------------- - $ BFG_SECURITY_DEBUG=1 bin/paster serve myproject.ini +If your application in your judgment is allowing or denying access +inappropriately, start your application under a shell using the +``BFG_DEBUG_AUTHORIZATION`` environment variable set to ``1``. For +example:: + + $ BFG_DEBUG_AUTHORIZATION=1 bin/paster serve myproject.ini When any authorization takes place, a message will be logged to the -console about what ACE in which ACL permitted or denied the -authorization based on authentication information. +console (to stderr) about what ACE in which ACL permitted or denied +the authorization based on authentication information. + +This behavior can also be turned on in the application ``.ini`` file +by setting the ``debug_authorization`` key to ``true`` within the +application's configuration section, e.g.:: + + [app:main] + use = egg:MyProject#app + debug_authorization = true -- cgit v1.2.3