From 86ed4016ea6a681d4f579ace62cea032a679544d Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Sun, 24 May 2009 23:12:59 +0000
Subject: Features --------

- It is now possible to write a custom security policy that returns a
  customized ``Forbidden`` WSGI application when BFG cannot authorize
  an invocation of a view.  To this end, ISecurityPolicy objects must
  now have a ``forbidden`` method.  This method should return a WSGI
  application.  The returned WSGI application should generate a
  response which is appropriate when access to a view resource was
  forbidden by the security policy (e.g. perhaps a login page).
  ``repoze.bfg`` is willing to operate with a custom security policy
  that does not have a ``forbidden`` method, but it will issue a
  warning; eventually security policies without a ``forbidden`` method
  will cease to work under ``repoze.bfg``.

  Note that the ``forbidden`` WSGI application returned by the
  security policy is not used if a developer has registered an
  IForbiddenAppFactory (see the "Hooks" narrative chapter); the
  explicitly registered IForbiddenAppFactory will be preferred over
  the (more general) security policy forbidden app factory.

- All default security policies now have a ``forbidden`` callable
  attached to them.  This particular callable returns a WSGI
  application which generates a ``401 Unauthorized`` response for
  backwards compatibility (had backwards compatibility not been an
  issue, this callable would have returned a WSGI app that generated a
  ``403 Forbidden`` response).

Backwards Incompatibilities
---------------------------

- Custom NotFound and Forbidden (nee' Unauthorized) WSGI applications
  (registered a a utility for INotFoundAppFactory and
  IUnauthorizedAppFactory) could rely on an environment key named
  ``message`` describing the circumstance of the response.  This key
  has been renamed to ``repoze.bfg.message`` (as per the WSGI spec,
  which requires environment extensions to contain dots).

Deprecations
------------

- The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has
  been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``.
---
 repoze/bfg/wsgi.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'repoze/bfg/wsgi.py')

diff --git a/repoze/bfg/wsgi.py b/repoze/bfg/wsgi.py
index abe7ebead..027345673 100644
--- a/repoze/bfg/wsgi.py
+++ b/repoze/bfg/wsgi.py
@@ -105,7 +105,7 @@ def wsgiapp2(wrapped):
 class HTTPException(object):
     def __call__(self, environ, start_response, exc_info=False):
         try:
-            msg = escape(environ['message'])
+            msg = escape(environ['repoze.bfg.message'])
         except KeyError:
             msg = ''
         html = """<body>
-- 
cgit v1.2.3