Once you have this, you could either find another spot in the request processor to enforce this logic (very easy with a chainable processor, of course), or use a "SecureAction" base class from which you extend for any paths which must be controlled, which would do authorization before passing control to the subclass.
Joe
I'll look into the "ComposableRequestProcessor" for future projects. This seems like it could be a very powerful feature, if used correctly.
Since we are on the subject of Control and security, let me throw in another
question.
My application has three different user permission levels. 1) User 3) Super User 2) Admin
Each account in the DATABASE is classified with one of these permission levels.
I want to also inspect each request before an Action is dispatched to confirm that the User should be granted access to execute the Action.
At first thought, it seems that I cannot use the processRoles() feature of the RequestProcessor, because my permission levels are not stored into the config file, but rather in the database. Or should I say, I cannot take this approach without overriding this method (which may be a solid approach.. but I haven't thought it out much. I imagine this would require a way for me to map each action with the correct access groups).
I could put this logic into each Action class, but, for obvious reasons, this will be a maintenance nightmare.
Can anyone offer any suggestions on these or other approaches?
Your assistance is greatly appreciated as it always is.
--
Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining."
-- Jef Raskin
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
