Jim, I actually came across your site a little after I sent the message and it looks like you are going in the direction I was thinking. I will take a look.
Thanks. -----Original Message----- From: Jim Davis [mailto:[EMAIL PROTECTED] Sent: Thursday, October 05, 2006 3:50 AM To: CF-Talk Subject: RE: Object Oriented Role Base Security > On 10/5/06, Denny Valliant <[EMAIL PROTECTED]> wrote: > > Heh. The silver bullet! > > > > If you find it, holler, I too would be interested... > > > > Other than that, you can try checking out the (sheesh, I'm bad > > today) the MG list, as a nice discussion of this has been going down > > for a few days. It's more geared for MG than just anything though > > (although MG seems to be (sorta) a concept, so thus applicable > > elsewhere, if one grokked it well enough), so that might not really > > be that great of a resource for you. > > > > Hrm... I don't know of anthing that blew my socks off conceptually... > > or I'm forgetting it. > > > > I would for sure take a look at depressedpress.com (Jim has shared > > some really nice stuff, and has some modular whatnot going on). > > Yeah, Props Jim, and thanks for sharing! I've actually got an example of an OO-based security at depressedpress as part of the DPLibraries (look at the bottom for the security system): http://www.depressedpress.com/Content/Development/ColdFusion/DPLibraries Unfortunately I've never actually gotten around to documenting the system... but all of the components are fully documented (self-documenting actually). The basic idea of the system is that it can be instantiated (either in the server or the application scope) very easily and "bolted on" to system very quickly. The system represents users as three objects: Credentials (system information like passwords or usernames), Entitlements (information about what a user is allowed to do) and Profiles (personal information about the user - phone numbers, addresses, etc). Each of these objects is abstracted - you can extend them or replace them completely easily. I really love to use it - very simple. To check an entitlement you could do this (assuming that the security system was instantiated in the application scope and that Session.Key is the unique ID of the session): Application.DPSecurity.isEntitled(Session.Key, "Administrator"); The above would return a Boolean. To see if somebody is logged in you would do: Application.DPSecurity.isAuthentication(Session.Key) If the user was logged in then an "Authentication" object is linked to the ID. If you wanted to get information out of the profile you could do: Application.DPSecurity.getAuthentication(Session.Key).getProfile() The system is pretty damn performant - access to persistent information is done through various "Mediator" objects which intelligently cache information for speed. This is only the "guts" of the system - essentially an API. There's really no interface to it. It makes building a full security system easier by providing essential services. All that said the system is also somewhat old now - it was written with CFMX 6 in mind. Still - if anybody is interested I've got a sample site showing how it's set up and used. I'd be happy to zip it up and send it to anybody that wants it. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255660 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
