L-Plate - Listener Question

16 views
Skip to first unread message

Gavin Baumanis

unread,
Jun 7, 2013, 2:30:31 AM6/7/13
to mach-ii-for...@googlegroups.com
I am not completely sure where I got it from  - but in a sample app (somewhere)

There is a listener with the following code;

// check hard-coded user name and password; 
// in real life we'd be hitting a database, LDAP, or something similar
if (arguments.event.getArg("username") EQ "admin"
AND arguments.event.getArg("password") EQ "password") {
    success = true;
}

My question isn't specifically about THIS listener - but the code in it got me thinking...
Do you actually write code like this in the listener?

I realise it is from a "sample" application - so I am just confirming;
Would you not have an appropriate method in a service layer, and the listener calls that method?

As always - thanks!

Gavin.


Kurt Wiersma

unread,
Jun 7, 2013, 8:14:28 AM6/7/13
to mach-ii-for...@googlegroups.com
Typically I would do that type of authorization check logic in my service layer. 

--Kurt



Gavin.


--
--
For more options and to unsubscribe, visit this group at http://groups.google.com/group/mach-ii-for-coldfusion?hl=en
 
Git & Wiki: https://github.com/Mach-II/Mach-II-Framework
---
You received this message because you are subscribed to the Google Groups "Mach-II for CFML" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mach-ii-for-coldf...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Brian Klaas

unread,
Jun 7, 2013, 8:37:47 AM6/7/13
to mach-ii-for...@googlegroups.com
You should definitely keep your listeners as business logic-free as possible. References to event arguments are certainly necessary in listeners, but only to pass things off to the service layer where the real work is done. I like to think of listeners as the place to grab and set event arguments, do flow control through things like announceEvent, and that's about it.

This was purely and example just to get people going but as Kurt and you both pointed out, authorization should be done in a service component.

brian

Gavin Baumanis

unread,
Jun 8, 2013, 9:04:37 AM6/8/13
to mach-ii-for...@googlegroups.com
Kurt and Brian,

I thought so much! - Thanks very much for the verification of my assumptions.... I appreciate it!


Gavin.
Reply all
Reply to author
Forward
0 new messages