Stijn,

It's real funny you should email me this. I am just submitting an article for CFDJ/MAX regarding roles based security implementation. It is actually a rewrite of a previous article I did on the same subject for CF 4.5/5.0.

Long story short, you definitely want to create a session user object. In my article I'm describing how to do this with a single CFC that has 3 methods (4 if you count the init()). I authenticate and authorize against an LDAP. You will find the foundation for this code at my colleague Brandon Purcell's blog: http://www.bpurcell.org/blog/index.cfm?mode=entry&entry=978. We put together the code for his MAX presentation.

I go one step beyond by adding a setAuthUser() that basically retrieves some of the user's attributes (cn, mail, givenname, dn, etc.) and then creates a user structure. I then call the authorization function and add the user's roles to the user structure. setAuthUser() then returns the user structure. Of course you can do something like Session.UserObject = Auth.setAuthUser(cflogin.name, cflogin.password).

Sound like something that will work for you? I did it this way in one CFC for the purpose of the article, but you could stick setAuthUser in its own CFC and extend the Auth.cfc. You see where I'm going with this?

Does this help you at all or muddy the waters even more? Let me know and I'll try and clear them. Also, look out for my blog coming soon to www.sargeway.com.

Sarge
Sr. Product Support Engineer
Macromedia Inc.
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 3:36 AM
Subject: [CFCDev] Conceptual question

I am in the middle of a conceptual analysis for an extranet application. In short, the application offers search interfaces and documents to a group of users based on some criteria. The properties of each of these users can be roughly divided into the following sections:

Roles (normal user, siteadmin, system admin, ...)
Profile (access restrictions for searching/opening documents)
Account (administrative user data like email, birthdate etc)
Preferences (preferred language, doc format, ...)

The functionality behind each of the sections is rather complex and I am unsure about putting this all into a single UserManager component. My first idea goes out to writing a separate manager for each of the sections and somehow compose a UserManager component that will call within itself these individual components.

Upon following this mailing list I notice you guys spend lots of time discussing best practices on these kind of questions, and I feel like the decision I have to take is a very important one. The User object must be session based. Do I create an object with a struct for the userdata? Do I create new objects in this user object for each of the sections above?

Rather take a good approach now I'm still in this stage, I kindly ask for feedback.

Kind Regards,
Stijn Dreezen

----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.

CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).

An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
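
One way the setAuthUser() flow described in the reply above could look, as an added example that is not Sarge's or Brandon Purcell's code. The server name, base DNs, the uid and member attributes, the authenticated flag, the escapeFilter() helper and the assumption that anonymous search is permitted are all hypothetical.

```cfml
<!--- Auth.cfc, added example. Server, base DNs and uid/member attributes are assumptions. --->
<cfcomponent output="false">
  <cfset variables.server = "ldap.example.com">
  <cfset variables.userBase = "ou=people,dc=example,dc=com">
  <cfset variables.groupBase = "ou=groups,dc=example,dc=com">
  <!--- Escape LDAP filter metacharacters (backslash first) so input cannot rewrite the filter --->
  <cffunction name="escapeFilter" access="private" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <cfset var s = replace(arguments.value, "\", "\5c", "all")>
    <cfset s = replace(s, "*", "\2a", "all")>
    <cfset s = replace(s, "(", "\28", "all")>
    <cfreturn replace(s, ")", "\29", "all")>
  </cffunction>
  <cffunction name="setAuthUser" access="public" returntype="struct" output="false">
    <cfargument name="name" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var user = structNew()>
    <cfset var qUser = "">
    <cfset var qRoles = "">
    <cfset var dn = "">
    <cfset user.authenticated = false>
    <cfset user.roles = "">
    <!--- An empty password turns a simple bind into an anonymous bind, which many servers accept --->
    <cfif not len(trim(arguments.name)) or not len(arguments.password)><cfreturn user></cfif>
    <cftry>
      <!--- Find exactly one entry for the login name (anonymous search assumed to be allowed) --->
      <cfldap action="query" name="qUser" server="#variables.server#"
              start="#variables.userBase#" scope="subtree"
              filter="(uid=#escapeFilter(arguments.name)#)" attributes="dn">
      <cfif qUser.recordCount neq 1><cfreturn user></cfif>
      <cfset dn = qUser.dn>
      <!--- Authenticate: bind as the user and read the entry; a wrong password throws --->
      <cfldap action="query" name="qUser" server="#variables.server#"
              username="#dn#" password="#arguments.password#"
              start="#dn#" scope="base" filter="(objectclass=*)" attributes="dn,cn,mail,givenname">
      <!--- Authorize: groups listing this DN as member become the roles (schema is an assumption) --->
      <cfldap action="query" name="qRoles" server="#variables.server#"
              username="#dn#" password="#arguments.password#"
              start="#variables.groupBase#" scope="subtree"
              filter="(member=#escapeFilter(dn)#)" attributes="cn">
      <cfset user.dn = dn>
      <cfset user.cn = qUser.cn>
      <cfset user.mail = qUser.mail>
      <cfset user.givenname = qUser.givenname>
      <cfset user.roles = valueList(qRoles.cn)>
      <cfset user.authenticated = true>
      <cfcatch type="any"><!--- lookup or bind failed: stay unauthenticated ---></cfcatch>
    </cftry>
    <cfreturn user>
  </cffunction>
</cfcomponent>
```

The caller should check user.authenticated before storing the struct in the session or passing user.roles to cfloginuser. These binds send the password in clear text unless the cfldap calls also use an SSL connection (port="636" with secure="CFSSL_BASIC").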
