id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	branch	branch_author	launchpad_bug
2460	HTTPAuthResource doesn't provide any way to support anonymous access.	dreid		"I think in the absence of an Authorization header portal.login should be called with twisted.cred.credentials.Anonymous, in the case where anonymous access is not allowed (i.e. no checker registered for the IAnonymous credentials interface) portal.login will errback and an unauthorized response will be sent.  Otherwise requestAvatar on the realm will be called normally.

This will also require a mechanism for resources below the HTTPAuthResource to trigger authentication at anypoint when the Anonymous credentials prove insufficient.  This could be a method on the IAuthenticatedRequest, perhaps IAuthenticatedRequest.reauthenticate()"	enhancement	closed	highest		web2	fixed		therve