On 03-06-2010 at 09:39, Poitras Christian wrote: > Hi Laurent, > > I've looked at the source code of SecurityInterceptor. > As long as binding does not generate an error, CustomValidation step is > executed prior to checking access. > After validation, access is checked only if CustomValidation step generates > an error. > > On EventHandling step, access is checked prior to executing event. > > I don't know if this can be considered as a "bug" or a "feature", so it would > be better to ask Oscar Westra van Holthe - Kind or Fred Daoud.
This is a feature: - after validation, the user may see the screen again (errors) If access will be denied on the basis of this information, better do it now. Otherwise the user will go through all the trouble of correcting the input, only to be denied access. - before the event is the last moment access can be checked, and the information will be as complete as possible. So unless allowed, access is denied. Oscar -- ,-_ Oscar Westra van Holthe - Kind http://www.xs4all.nl/~kindop/ /() ) (__ ( It takes less time to do a thing right, than it does to explain why =/ () you did it wrong. -- Henry Wadsworth Longfellow
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
