Well, one issue off the bat is that your ColdSpring-managed model wouldn't know what the current event being executed was. While it may not be the best idea to base security off actions taken in a user interface, if that's the direction you've gone then so be it. MG controllers are NOT managed by ColdSpring... yet. I heard at CFUNITED that you may soon be able to define your controllers as ColdSpring <bean/>s, allowing you to utilize all the IoC and AOP goodness on your MG controllers (you would then reference them in your MG config as something like <controller name="foo" bean="IdOfColdSpringBeanThatIsAController"/>).

So, you may want to think of a more granular way of enforcing application security *within* your model - remember, the MG-based UI you are building right now may not always be the only "client", and you are basically giving your MG UI "free rein" over calling methods in your model.

HTH,
Dave

On 7/7/06, Brian Billings <[EMAIL PROTECTED]> wrote:

Hey all, I saw David's ColdSpring presentation at the conference and I'm wondering if having an Advisor to control security is a useable option for me. I'm loading a structure of events with event name as the key and roles as the value into the application scope. My user object stored in session contains the user's roles. At the beginning of each request I check to see if the user exists and is logged in, then compare the user's roles to the roles of the event they are asking for and redirect to an error message if they don't have permission. I have an empty BeforeAdvice set up and working but I'm not able to wrap my head around an implementation for my security process. I'm using MG Unity. Any high level suggestions?
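
Added example, not part of either message above and not ColdSpring's or Model-Glue's own code: a ColdSpring BeforeAdvice that checks roles per model method instead of per MG event, so the check applies to every caller of the model. The rolesByMethod map, the Security.NotAuthorized exception type, the session.user object and its getRoles() method (assumed to return a comma-delimited list) are assumptions.

```cfml
<!--- SecurityAdvice.cfc (hypothetical name): role check run before each advised model method --->
<cfcomponent extends="coldspring.aop.BeforeAdvice" output="false">

  <cffunction name="init" access="public" returntype="any" output="false">
    <cfset variables.rolesByMethod = structNew() />
    <cfreturn this />
  </cffunction>

  <!--- Setter injection: struct of method name -> comma-delimited allowed roles (assumed shape) --->
  <cffunction name="setRolesByMethod" access="public" returntype="void" output="false">
    <cfargument name="rolesByMethod" type="struct" required="true" />
    <cfset variables.rolesByMethod = arguments.rolesByMethod />
  </cffunction>

  <cffunction name="before" access="public" returntype="any" output="false">
    <cfargument name="method" type="coldspring.aop.Method" required="true" />
    <cfargument name="args" type="struct" required="true" />
    <cfargument name="target" type="any" required="true" />
    <cfset var methodName = arguments.method.getMethodName() />
    <cfset var userRoles = "" />
    <cfset var role = "" />
    <cfset var allowed = false />

    <!--- Fail closed: an advised method with no entry in the map is denied --->
    <cfif NOT structKeyExists(variables.rolesByMethod, methodName)>
      <cfthrow type="Security.NotAuthorized" message="No roles configured for #methodName#" />
    </cfif>

    <!--- A caller with no user object in session keeps an empty role list (assumption: user lives in session) --->
    <cfif structKeyExists(session, "user")>
      <cfset userRoles = session.user.getRoles() />
    </cfif>

    <!--- Allow when the user holds at least one of the roles listed for this method --->
    <cfloop list="#variables.rolesByMethod[methodName]#" index="role">
      <cfif listFindNoCase(userRoles, trim(role))>
        <cfset allowed = true />
      </cfif>
    </cfloop>

    <cfif NOT allowed>
      <cfthrow type="Security.NotAuthorized" message="Not authorized to call #methodName#" />
    </cfif>
  </cffunction>

</cfcomponent>
```

The advice is attached to a model bean through a ColdSpring advisor and ProxyFactoryBean; the MG controller can catch Security.NotAuthorized and route to the error event.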
