David, This came to mind when I was working on ShoppingCartEvents::ShoppingCartEvents method. This method has Security check code in it. At first Glance I didn't like it.
Is it Ok to to have Security checks code compiled into a class. I am not sure if there are more instances of similar thing. I will appreciate comments on it from you. Anil Patel On 2/15/07, David E. Jones <[EMAIL PROTECTED]> wrote:
The best thing to do is use an actual event for this, which may mean chaining to another request for security check pass/fail. Generally though there isn't page routing for security checks, but rather a change in a view and/or event that shows a message or whatever. In other words, the security checks in services and screens are the main touch points. Is there a more specific case where this has come up? -David On Feb 15, 2007, at 2:02 PM, Anil Patel wrote: > Hi, > Ofbiz Services security model allows us to intercept a call to service > before the actual service executed. On similar lines Do we have a > way to > intercept a Web Request for Security Check before the Event or view is > rendered, Something like > > <request-map uri="orderentry"> > <security https="true" auth="true"/> > <permission-service service-name="orderEntryGenericPermission" > action="Create" error-view="PermissionErrorScreen" /> > <event type="java" path=" > org.ofbiz.order.shoppingcart.ShoppingCartEvents" > invoke="routeOrderEntry"/> > <response name="init" type="view" value="checkinits"/> > <response name="agreements" type="view" > value="orderagreements"/> > <response name="cart" type="view" value="showcart"/> > <response name="error" type="view" value="checkinits"/> > </request-map> > > Thanks and Regards > Anil Patel
