Hello all, I have a question related to securing an enterprise application in Zend Framework from within my code. I see two possibilites: 1. To make all verifications/check the permissions/rights in the bootstrap and check everything from here. The disadvantage here is that you don't know the controller/action (routeShutdown was not executed) and you'll get problems to allow access to a web service. 2. To add a Zend_Controller_Plugin and to check everything, after routeShutdown or before dispatchLoopStartup (which one is better?). This provides a point where you have a granular access to the "security plan". Anyway, what do you think about that? Anyway, it is probably a matter of design patterns, but I didn't find anything very clear and that's why I need your help, your experience, your ideas. Thank you very much in advance.
