Perhaps some kind of hook would be appropriate in authenticate(). Adding that kind of behavior to checkSecrets() feels bolted on to me because checkSecrets() now becomes "check secrets, but maybe do some other stuff too"
Perhaps in authenticate(), if checkSecrets() is true, call authenticated(Request) which is a no-op by default. On Jan 4, 2008 8:41 PM, Rob Heittman <[EMAIL PROTECTED]> wrote: > Alex, I agree. I would have once said otherwise (I think I *did* say > otherwise), but this pattern has now come up in production code at least > five times, and I think a change is called for. > > > > On 1/4/08, Alex Milowski <[EMAIL PROTECTED]> wrote: > > Multiple times I've found myself needing the Request instance in > checkSecret() > > on Guard so that I can store the authenticated user's information on the > > Request as an attribute. > >
