The nice part about raising an exception instead of returning true or false is that it standardizes how security exceptions are generated. Also, what reason would you have to continue processing in a component if the security check failed? Presumably, if the isSecure method returned false, you'd just throw an exception anyway!
Roland -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Rawlinson Sent: Thursday, March 10, 2005 2:43 PM To: [email protected] Subject: Re: Method Question (was RE: [CFCDev] OO Security?) I would expect the security guard to respond and tell me the security to the building is intact with an affirmative or "true" granted, that would really be in the method isSecure as opposed to checkSecurity which is really a helper method to isSecure (in my mind) since the guard may have to check more than just the building security is intact to tell me if everything isSecure. but either way I would expect checkSecurity to return true if security is OK and false if it is not (or raise an exception) depending on how you want to handle the negative. Bill On Thu, 10 Mar 2005 13:27:21 -0600, Jeff Chastain <[EMAIL PROTECTED]> wrote: > > If you think about it, this is really what you would expect. Take the > following example ... > > You have a security guard 'object' > If you tell him to 'getKeys', he should return to you a set of keys > If you tell him to 'checkSecurity', he should return nothing - i.e. void > the fact that the building is secure is expected > if something is wrong, he should throw an exception as it is an exception > to the 'norm' > > I don't know if there is anything magic to this reasoning, it was just the > way it was explained to me at one point and it made sense. > > -- Jeff > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Dawson, Michael > Sent: Thursday, March 10, 2005 11:33 AM > To: [email protected] > Subject: Method Question (was RE: [CFCDev] OO Security?) > > Roland, this is a bit off-topic, but in your checkUserPubAccess() and > checkUserRights() methods, you set them to return VOID. > > When you call these methods, do you assume that if they don't throw an error > that everything is OK and you can proceed? I guess you would have to. > > BTW, this is a great document! I appreciate you sharing it with us. > > Thanks > M!ke > > ---------------------------------------------------------- > You are subscribed to cfcdev. To unsubscribe, send an email to > [email protected] with the words 'unsubscribe cfcdev' as the subject of the > email. > > CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting > (www.cfxhosting.com). > > An archive of the CFCDev list is available at > www.mail-archive.com/[email protected] > > ---------------------------------------------------------- > You are subscribed to cfcdev. To unsubscribe, send an email to [email protected] with the words 'unsubscribe cfcdev' as the subject of the email. > > CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting (www.cfxhosting.com). > > An archive of the CFCDev list is available at > www.mail-archive.com/[email protected] > > -- [EMAIL PROTECTED] http://blog.rawlinson.us I have 47! gmail invites,want one? ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [email protected] with the words 'unsubscribe cfcdev' as the subject of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting (www.cfxhosting.com). An archive of the CFCDev list is available at www.mail-archive.com/[email protected] ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [email protected] with the words 'unsubscribe cfcdev' as the subject of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting (www.cfxhosting.com). An archive of the CFCDev list is available at www.mail-archive.com/[email protected]
