Hi Kevan, For changePassword() and hasRole(), I'd just put delegates in the SiteUser and let a SiteUserSecurity.cfc or similar do the actual work as I think I'd like to encapsulate the security algorithms elsewhere than in the business object.
As for login, this depends on your architecture. Do you HAVE a site user who logs in and then gets access to their historic data or don't you even HAVE a site user until the user logs in. Both work for different use cases. In the first case, you could quite reasonably ask a site user to log in and it would delegate that to the appropriate SiteUserSecurity.cfc (or whatever as long as it isn't the UserService). In the second case, I would actually call something like SiteUser.getAuthenticatedUser() passing in the username and password and returning a loaded site user which could be put into session scope (depending on your session implementation you may have to just put an ID into the session scope and reload the user for each page request). Best Wishes, Peter On 1/10/07 3:39 AM, "Kevan Stannard" <[EMAIL PROTECTED]> wrote: > Hi Peter > > Thanks for your thoughts - very much appreciated. > > For changePassword() and hasRole() in the SiteUser would you still delegate > this to the security service (referenced within the SiteUser object) or > would you put the actual implementation in the SiteUser? > > It still sounds like we would still have a > securityService.login(siteUser,username,password) but not a > siteUser.login(username,password). Something doesn't seem right about > passing the username and password to the siteUser and asking it to > authenticate itself. > > What do you think? > > Best Regards > > Kevan > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Bell > Sent: Wednesday, 10 January 2007 9:30 AM > To: [email protected] > Subject: Re: SPAM-LOW: [CFCDEV] Code Examples for User Authentication Login > > I actually think some of those could go into a session based SiteUser object > - I typically put operations into a service method only if they relate to a > collection of objects or if an object instance doesn't yet exist (in which > case the service method or the DI engine has to handle it - one of the two). > Because that seems to me object specific, for know I put such code into the > service method rather than a generalized factory. > > For example, I'd put changePassword() and hasRole() into the SiteUser > business object. Not always the right approach, but not a bad generalized > solution. > > Best Wishes, > Peter > > > On 1/9/07 4:23 PM, "Aaron Roberson" <[EMAIL PROTECTED]> wrote: > >> Peter, >> >> I read your comments on Kevan's blog post. I like the idea of using >> the userService to delegate authentication to the >> userAuthenticationService as you mentioned. However, I am wondering if >> you would place all of the methods (isLoggedIn, login, logout, >> hasRole, and changePassword) in the userAuthenticationService? >> >> I do appreciate Kevan's post and have a much better idea now of what I >> am needing to do. Thank you! >> >> -Aaron >> >> On 1/9/07, Peter Bell <[EMAIL PROTECTED]> wrote: >>> On 1/9/07 2:44 PM, "Kevan Stannard" <[EMAIL PROTECTED]> wrote: >>>> Any feedback from anyone on the list is appreciated. >>> >>> Well, you asked! Nice blog, btw. >>> >>> Best Wishes, >>> Peter >> >> >> You are subscribed to cfcdev. To unsubscribe, please follow the > instructions >> at http://www.cfczone.org/listserv.cfm >> >> CFCDev is supported by: >> Katapult Media, Inc. >> We are cool code geeks looking for fun projects to rock! >> www.katapultmedia.com >> >> An archive of the CFCDev list is available at >> www.mail-archive.com/[email protected] >> > > > > > > You are subscribed to cfcdev. To unsubscribe, please follow the instructions > at http://www.cfczone.org/listserv.cfm > > CFCDev is supported by: > Katapult Media, Inc. > We are cool code geeks looking for fun projects to rock! > www.katapultmedia.com > > An archive of the CFCDev list is available at > www.mail-archive.com/[email protected] > > > > You are subscribed to cfcdev. To unsubscribe, please follow the instructions > at http://www.cfczone.org/listserv.cfm > > CFCDev is supported by: > Katapult Media, Inc. > We are cool code geeks looking for fun projects to rock! > www.katapultmedia.com > > An archive of the CFCDev list is available at > www.mail-archive.com/[email protected] > You are subscribed to cfcdev. To unsubscribe, please follow the instructions at http://www.cfczone.org/listserv.cfm CFCDev is supported by: Katapult Media, Inc. We are cool code geeks looking for fun projects to rock! www.katapultmedia.com An archive of the CFCDev list is available at www.mail-archive.com/[email protected]
