Which is exactly why you should be handling most of the security at the
service layer. Sure, the controller or view might have some conditional
logic or security checks for UI-related things like determining whether the
main menu should show the "Admin" button or not. But the bulk of it should
be handled in the service layer. Otherwise, as soon as you need to secure
AMF or SOAP calls to the services, you're either duplicating the logic or
you're going to have to move it all anyway.


On Thu, Jul 30, 2009 at 8:22 AM, jalpino <[email protected]> wrote:

>
> One benefit of going through a framework is that your request will
> follow the same access control restrictions as normal requests. Unless
> you manage application security at a service layer, instead of
> implicitly within the framework or at a controller level, then it
> would make sense to go directly to the service layer.
>
> One other benefit of going through the framework is that you retain
> the ability to properly control the request in the event that the
> user's session has timed out and then the request is issued. With
> ModelGlue, I typically append ".ajax" to my event handlers that are
> called in that manner; in the event that a request is made and the
> session has timed out, my common event handlers know to issue 403
> status codes, which my ajax engine knows how to handle (alert the user,
> then redirect to login).
>
> Again, depending on where you manage your application security and how
> you manage session (i.e., alerting the user before their session times
> out), it might make more sense to go through the framework, or go
> directly against the service layer.
>
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CFCDev" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/cfcdev?hl=en
-~----------~----~----~----~------~----~------~--~---

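The service-layer approach the top reply argues for, as an added example that is not part of the thread and is Python rather than the CFML/Model-Glue code being discussed: the authorization check lives in UserService itself, so a framework controller and an AMF/SOAP-style gateway share it without duplicating logic, the controller's "show the Admin menu" flag is UI only, and an ".ajax" event surfaces a timed-out session as a bare 403 while a normal page view redirects to login. UserService, Session, web_controller, amf_gateway and the sample users are assumptions constructed for the illustration.

```python
"""Service-layer authorization shared by several front ends.

Added example (Python, not the CFML/Model-Glue code the thread discusses).
UserService, Session, the two adapters and the sample users are all
constructed for this illustration.
"""
from dataclasses import dataclass
import time


class SessionExpired(Exception):
    """Raised by the service layer when the caller's session has timed out."""


class NotAuthorized(Exception):
    """Raised by the service layer when the caller lacks a required role."""


@dataclass
class Session:
    user: str
    roles: frozenset
    expires_at: float  # epoch seconds; constructed inline in demo() below

    def is_expired(self, now=None):
        return (now if now is not None else time.time()) >= self.expires_at


class UserService:
    """Business logic. Every public method checks the session itself, so a
    caller that reaches the service via HTTP, AMF or SOAP meets the same rule."""

    def __init__(self):
        self.users = {"alice": "admin", "bob": "user", "carol": "user"}  # sample data

    def _require(self, session, role, now=None):
        if session is None or session.is_expired(now):
            raise SessionExpired()
        if role not in session.roles:
            raise NotAuthorized(f"{session.user} lacks role {role!r}")

    def list_users(self, session, now=None):
        self._require(session, "user", now)
        return sorted(self.users)

    def delete_user(self, session, target, now=None):
        self._require(session, "admin", now)  # authorization lives here, not in a controller
        self.users.pop(target, None)
        return sorted(self.users)


def run_service_call(service, method, session, *args, now=None):
    """Common error mapping for every adapter; returns (status, payload)."""
    try:
        return 200, getattr(service, method)(session, *args, now=now)
    except SessionExpired:
        return 403, "session expired"
    except NotAuthorized as e:
        return 403, str(e)


def web_controller(service, event, session, *args, now=None):
    """Framework-style request. The controller decides UI details (the Admin
    menu flag) and how to present a timeout; it enforces no access rule."""
    show_admin_menu = session is not None and "admin" in session.roles
    status, payload = run_service_call(service, event.split(".")[0], session, *args, now=now)
    if status == 403 and payload == "session expired" and not event.endswith(".ajax"):
        # A normal page view redirects to login; a ".ajax" event returns the
        # bare 403 that a client-side engine can handle itself.
        return 302, "/login", show_admin_menu
    return status, payload, show_admin_menu


def amf_gateway(service, method, session, *args, now=None):
    """Remote (AMF/SOAP-style) caller hitting the service directly. It
    duplicates no checks, yet is refused exactly like the web path."""
    return run_service_call(service, method, session, *args, now=now)


def demo():
    svc = UserService()
    now = 1_000_000.0  # fixed clock so the run is deterministic
    admin = Session("alice", frozenset({"user", "admin"}), expires_at=now + 600)
    user = Session("bob", frozenset({"user"}), expires_at=now + 600)
    stale = Session("bob", frozenset({"user"}), expires_at=now - 1)
    return {
        "admin_via_web": web_controller(svc, "delete_user", admin, "carol", now=now),
        "user_via_amf": amf_gateway(svc, "delete_user", user, "alice", now=now),
        "stale_ajax": web_controller(svc, "list_users.ajax", stale, now=now),
        "stale_page": web_controller(svc, "list_users", stale, now=now),
        "users_left": sorted(svc.users),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point to notice is that `user_via_amf` is denied without the gateway knowing anything about roles: the non-admin's AMF call never reached the controller's menu logic, and it did not need to, because the rule sits in `delete_user`. Moving the check into the controller would leave that path open until the same code was copied into every other entry point.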