RE: [CFCDev] OO Security?

GroupOne Dev. Tue, 08 Mar 2005 10:46:52 -0800

Now that I say this however, I am back to questioning whether this functionality should be in the object itself or on the controller? Should an object be tied this tightly to the authentication manager and the user or user group objects? Or, should the document object strictly know about document stuff and leave authentication to the controller since that does not specifically relate to a document?

Thanks
-- Jeff

From: "GroupOne Dev." <[EMAIL PROTECTED]>
Sent: Tuesday, March 08, 2005 12:33 PM
To: [email protected]
Subject: RE: [CFCDev] OO Security?

This is along the lines of what I was saying. However, it goes one step further by refactoring and pulling that common functionality out of each object and putting it in a central place which is always a good thing.

One question - what is the user token? Could the authentication manager not check for a user's session? If the session variable does not exist, they are not logged in. If the session variable does exist, but they don't have the right 'right', then an exception is thrown. Or, does this token do something else?

Thanks
-- Jeff

From: "Roland Collins" <[EMAIL PROTECTED]>
Sent: Tuesday, March 08, 2005 11:49 AM
To: [email protected]
Subject: RE: [CFCDev] OO Security?

All of our objects require a user token to be passed in and they then perform their own access checks using our Authentication manager component. The authentication manager throws an “AuthenticationException” if the user does not have the appropriate level of access, and this gets logged, kicked to our error handler, or whatever else we need to do. It winds up looking like this (in broken code, anyway).

</cfinvoke>

</cffunction>

</cfobject>

HTH,

Roland

RE: [CFCDev] OO Security?

Reply via email to