[ColdBox 3.6.0] Secured private area using interceptors?

This is the scenario:

I have an app where customers can register and have a private area. I need a way to protect their personal data. I would like to implement an interceptor to check if the record they have permission to view the area they are accessing to.

So for example User1 try to access /area/1 and he can. But if user1 try to access /area/2 he is routed to an error page.

To make this I was thinking to implement an interceptor, announce the interceptor in the prehandler of area handler and check if he has the privilege to view the record.

Is this a good choiice?

Or I could make something different?

Check out the security interceptor. It allows you to load rules from wherever you want and restrict URLs by regex patterns.




ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com