That's a good point. It would seem to me that the earlier we can check
and allow or deny access, the better. I haven't looked into when
services like ComponentClassResolver are instantiated, but as long as
the basic services (such as that one) are available, I think
RequestFilters would be the way to go. I'll post a new wiki covering the
@ApplicationState problem, and then perhaps we can explore using
RequestFilters and address the issues listed at the end of the first
article.
Thanks for the good idea Massimo :-).
Massimo Lusetti wrote:
On Nov 5, 2007 2:02 PM, Chris Lewis <[EMAIL PROTECTED]> wrote:
Regarding the dispatcher article (which I wrote), your problem is that
you are attempting to use @ApplicationState in a service, and this is
not possible, at least in this case. Why? Because state is based on the
request, and services are by default singletons. This means you have one
instance of your access controller servicing 1 or 10 or 100 simultaneous
requests at once. As such, its not possible to use @ApplicationState.
I've implemented the same as a RequestFilter which sits on layer above
dispatchers.
Actually i don't know if this kind of feature is better implemented as
a Dispatcher or a RequestFilter... maybe it depends on what you're
protecting.
