[Catalyst] What's the best way to exclude static requests
from needing user to log in?
kakimoto at tpg.com.au
kakimoto at tpg.com.au
Sun Apr 19 03:26:12 GMT 2009
hi,John,
Good arvo. Thanks for the comments. My replies are as per below:
Quoting John Romkey <romkey at apocalypse.org>:
> On Apr 18, 2009, at 8:06 PM, kakimoto at tpg.com.au wrote:
> > hi, all
> >
> > what's the best way to exclude static requests from needing the
> user
> > to log in?
>
> The best way to exclude static requests from needing the user to log
>
> in is to not run them through Catalyst at all. Configure your web
> server so that static files are served directly by the server. This
>
> will greatly improve performance as well as simplify your Catalyst
> code.
K. akimoto: You have a very good point and I think I will consider this.
>
> Unless that's not what you mean by static.
>
> If you by static you still mean some dynamic content, I would
> strongly
> avoid putting all the logic for access control in Root's auto method.
>
> Root's auto method then knows too much about the implementation
> details of each controller. Instead put the access control logic
> where
> it belongs - with the stuff it's controlling access to.
> - john romkey
> http://www.romkey.com/
>
>
K. akimoto: this is interesting.
All requests would have to go through Root->auto before any other
actions in controllers
Hence, whilst the Root->auto method does hold implementation
details of all controllers in the application, it certainly makes future
maintaince of the application ( in terms of controlling all controller
access ) easier because the configuration is found in one spot rather
than all across the many controllers.
Is doing so a bad practice? I would really like to hear some good
discussions here..
Thank you again, John :)
K. akimoto
More information about the Catalyst
mailing list