setting up a security layer in my application, and I was curious what
the benefit is of setting up a custom security interceptor with a
preProcess method that checks every request as opposed to doing this
in my onRequestStart method within my main handler... Internally isn't
this doing the same thing? Would this just be a coldbox way of doing
things, or am I benefiting from the rules engine with using
It seems if I'm writing my own user validator object I'm doing the
same amount of work (code) either way...
They are both analogous in nature but in different implementations. The on request start handler points to an event method, basically, you have a very thin event that handles this. In an interceptor approach you have much more flexibility, portability and application decoupling. My preference is to build interceptors, they can have their own domain models, own internal methods and encapsulated information, I can chain them if necessary and so forth ans so forth. You just have to be comfortable with creating them, which is not that bad.
My preference are interceptors for those reasons.