Dec 26, 2007 08:45 PM
But, in concrete terms, what is it that you do?
I use a fairly simple approach in implementation. Usually with a SecurityGuard service that contains all my security checks, which will throw SecurityException if it fails. Then the first thing in a function would be a call out to, say, SecurityGuard.DemandAdminRole() or SecurityGuard.DemandEntityOwner(), whatever it may be. You can also do decorators, or something really fancy that does AOP. I decided to go with the simple approach. But the point I'm making is that I don't let this type of crosscutting concern dictate how I break down my controllers. Instead I group the actions based on the entity they act on. I find it the best way to keep controllers organized. (It's also the RESTful way.)
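
The guard-service pattern described in the post above, sketched as an added example that is not the poster's code. The Article entity, the ArticleController, the "Admin" role name and the use of IPrincipal for the current user are assumptions made for illustration; only SecurityGuard, DemandAdminRole, DemandEntityOwner and SecurityException come from the post.

```csharp
using System;
using System.Security;
using System.Security.Principal;

public class Article { public string OwnerName; public string Title; } // hypothetical entity

// One service holds every authorization check; each Demand* throws on failure.
public class SecurityGuard
{
    private readonly IPrincipal _user;
    public SecurityGuard(IPrincipal user) { _user = user; }
    private void DemandAuthenticated()
    {
        if (_user == null || _user.Identity == null || !_user.Identity.IsAuthenticated)
            throw new SecurityException("Authentication required.");
    }

    public void DemandAdminRole()
    {
        DemandAuthenticated();
        if (!_user.IsInRole("Admin")) // role name is an assumption
            throw new SecurityException("Admin role required.");
    }

    public void DemandEntityOwner(Article entity)
    {
        DemandAuthenticated();
        // Fail closed: a missing entity or owner never authorizes anyone.
        if (entity == null || string.IsNullOrEmpty(entity.OwnerName) ||
            !string.Equals(entity.OwnerName, _user.Identity.Name, StringComparison.Ordinal))
            throw new SecurityException("Caller does not own this entity.");
    }
}

// Actions grouped by the entity they act on; the guard call is the first statement.
public class ArticleController
{
    private readonly SecurityGuard _guard;
    public ArticleController(SecurityGuard guard) { _guard = guard; }
    public void Rename(Article a, string title) { _guard.DemandEntityOwner(a); a.Title = title; }
    public void Purge(Article a) { _guard.DemandAdminRole(); a.Title = null; /* stand-in for deletion */ }
    public static void Main() // constructed demo: alice owns the article but is not an admin
    {
        var alice = new GenericPrincipal(new GenericIdentity("alice"), new string[0]);
        var controller = new ArticleController(new SecurityGuard(alice));
        controller.Rename(new Article { OwnerName = "alice", Title = "old" }, "new"); // allowed
        try { controller.Purge(new Article { OwnerName = "alice" }); }
        catch (SecurityException e) { Console.WriteLine("Denied: " + e.Message); }
    }
}
```

Because the check is an explicit call rather than an attribute, an action that omits it is silently unprotected, so each action's first statement is the thing to look at in review.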