Sumit Verma said the following on 06/01/2011 08:11 PM:
> What's the reason behind having onAuthenticate method fire on each
> request? Wouldn't it make sense for it to fire only if
> REST:authenticate is set to true either on method or component?
onAuthenticate() is part of the global endpoint request lifecycle in all
endpoints regardless of type (REST, File, task, etc.).  We could define
an onAuthenticate() method in the BaseEndpoint for REST to do the
checking, but authentication is going to be specific to *your* REST
implementation.  For the task endpoint, that endpoint defines the
authentication schema.

If we added an onAuthenticate() method to the BaseEndpoint for REST, you
would still have to define another method that would have to be called so the
request can be authenticated against your authentication schema.  That's
why we don't have an onAuthenticate() method in the base -- you'd have
to override it with your own, effectively making the inherited method
useless.  We decided that it would be best to have all endpoints follow
the same endpoint request lifecycle "events" instead of saying that for
REST-only.

As it stands right now, an onAuthenticate() method would look something
like this:

<cffunction name="onAuthenticate" access="public" returntype="void" output="false"
    hint="Runs authentication.">
    <cfargument name="event" type="MachII.framework.Event" required="true" />

    <cfset var restUri = arguments.event.getArg("restUri") />

    <!--- Authenticate the request via HTTP basic authentication --->
    <cfif restUri.getUriMetadataParameter("authenticate", getAuthenticateDefault())
        AND NOT variables.authentication.authenticate(getHTTPRequestData().headers, arguments.event)>
        <cfthrow type="AuthorizationFailed" />
    </cfif>
</cffunction>

Would simplify it by adding a helper method like
isAuthenticationRequired().  It would make the above sample look like this:

<cffunction name="onAuthenticate" access="public" returntype="void" output="false"
    hint="Runs authentication.">
    <cfargument name="event" type="MachII.framework.Event" required="true" />

    <!--- Authenticate the request via HTTP basic authentication --->
    <cfif isAuthenticationRequired(arguments.event)
        AND NOT variables.authentication.authenticate(getHTTPRequestData().headers, arguments.event)>
        <cfthrow type="AuthorizationFailed" />
    </cfif>
</cffunction>

What do you think?

.pjf

-- 
Peter J. Farrell
http://blog.maestropublishing.com
Identi.ca / Twitter: @maestrofjp
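
Added example (not part of the original message and not Mach-II source): one way the proposed isAuthenticationRequired() helper and the authenticate(headers, event) call could be written in CFML for HTTP Basic. The fail-closed branch, variables.userService and checkCredentials() are assumptions; the remaining names come from the samples in the message.

```cfml
<!--- Added example, not Mach-II source. Lives in your REST endpoint CFC. --->
<cffunction name="isAuthenticationRequired" access="private" returntype="boolean" output="false"
    hint="True when the matched URI must be authenticated.">
    <cfargument name="event" type="MachII.framework.Event" required="true" />
    <!--- Fail closed: without a matched URI there is no metadata to exempt the request --->
    <cfif NOT arguments.event.isArgDefined("restUri")>
        <cfreturn true />
    </cfif>
    <cfreturn arguments.event.getArg("restUri").getUriMetadataParameter("authenticate", getAuthenticateDefault()) />
</cffunction>

<!--- Added example: the authenticate(headers, event) call used above, for HTTP Basic.
      Lives in the CFC held in variables.authentication. --->
<cffunction name="authenticate" access="public" returntype="boolean" output="false"
    hint="Checks an HTTP Basic Authorization header.">
    <cfargument name="headers" type="struct" required="true" />
    <cfargument name="event" type="MachII.framework.Event" required="true" />
    <cfset var header = "" />
    <cfset var decoded = "" />
    <cfset var sep = 0 />

    <cfif NOT StructKeyExists(arguments.headers, "Authorization")>
        <cfreturn false />
    </cfif>
    <cfset header = Trim(arguments.headers["Authorization"]) />
    <!--- Exactly "Basic <base64>"; CFML string comparison is case-insensitive --->
    <cfif ListLen(header, " ") NEQ 2 OR ListFirst(header, " ") NEQ "Basic">
        <cfreturn false />
    </cfif>
    <cftry>
        <cfset decoded = ToString(ToBinary(ListLast(header, " ")), "utf-8") />
        <cfcatch type="any">
            <!--- Malformed base64 is a failed login, not a server error --->
            <cfreturn false />
        </cfcatch>
    </cftry>
    <!--- Split on the FIRST colon only: passwords may contain ":" --->
    <cfset sep = Find(":", decoded) />
    <cfif sep LT 2 OR sep EQ Len(decoded)>
        <cfreturn false />
    </cfif>
    <!--- checkCredentials() is a hypothetical method on your own user service --->
    <cfreturn variables.userService.checkCredentials(Left(decoded, sep - 1), Mid(decoded, sep + 1, Len(decoded) - sep)) />
</cffunction>
```

Because onAuthenticate() runs on every request, the value returned by getAuthenticateDefault() decides whether a URI with no "authenticate" metadata is protected or open.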
