Yes, but if one uses ColdBox as their MVC framework of choice, the ColdBox proxy (http://ortus.svnrepository.com/coldbox/trac.cgi/wiki/cbColdBoxProxyGuide) would handle AMF and SOAP calls (if I'm not mistaken), so there is no duplicating the logic.

Henry

On Thu, Jul 30, 2009 at 5:53 AM, Brian Kotek <[email protected]> wrote:

> Which is exactly why you should be handling most of the security at the
> service layer. Sure, the controller or view might have some conditional
> logic or security checks for UI-related things like determining whether the
> main menu should show the "Admin" button or not. But the bulk of it should
> be handled in the service layer. Otherwise, as soon as you need to secure
> AMF or SOAP calls to the services, you're either duplicating the logic or
> you're going to have to move it all anyway.
>
> On Thu, Jul 30, 2009 at 8:22 AM, jalpino <[email protected]> wrote:
>
>> One benefit of going through a framework is that your request will
>> follow the same access control restrictions as normal requests. Unless
>> you manage application security at a service layer, instead of
>> implicitly within the framework or at a controller level, then it
>> would make sense to go directly to the service layer.
>>
>> One other benefit of going through the framework is that you retain
>> the ability to properly control the request in the event that the
>> user's session has timed out and then the request is issued. With
>> ModelGlue, I typically append ".ajax" to my event handlers that are
>> called in that manner; in the event that a request is made and the session
>> has timed out, my common event handlers know to issue 403 status codes,
>> which my ajax engine knows how to handle (alert the user then redirect
>> to login).
>>
>> Again, depending on where you manage your application security and how
>> you manage session (i.e. alerting the user before their session times
>> out), it might make more sense to go through the framework, or go
>> directly against the service layer.
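
The service-layer approach discussed in this thread, as an added CFML sketch that is not code from any of the posters or from ColdBox or ModelGlue. The component names, the `admin` role, the `session.user` struct and `application.userService` are assumptions made for the example; it also assumes CF9-style script components and session management enabled in Application.cfc.

```cfml
// --- UserService.cfc (hypothetical service component) ---
component {

    public any function init() {
        return this;
    }

    // The authorization rule lives in the service, so controllers, AMF and
    // SOAP callers are all subject to the same check.
    public struct function getUser(required struct caller, required numeric userId) {
        requireRole(arguments.caller, "admin");
        var user = { id = arguments.userId, name = "constructed sample user" };
        return user;
    }

    private void function requireRole(required struct caller, required string role) {
        // A caller with no roles key (for example an expired session) has no roles.
        var roles = structKeyExists(arguments.caller, "roles") ? arguments.caller.roles : "";
        if (!listFindNoCase(roles, arguments.role)) {
            throw(type = "Security.NotAuthorized",
                  message = "Role '#arguments.role#' is required");
        }
    }
}

// --- RemoteUserFacade.cfc (hypothetical AMF/SOAP entry point, separate file) ---
component {

    // access "remote" exposes this method to Flash Remoting and web service calls.
    remote struct function getUser(required numeric userId) {
        // The facade only resolves who is calling; it makes no access decision.
        var caller = structKeyExists(session, "user") ? session.user : structNew();
        return application.userService.getUser(caller, arguments.userId);
    }
}
```

A framework event handler would call `getUser()` the same way and translate a `Security.NotAuthorized` exception into the 403 response that the ajax client already handles.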
