Coldbox Security Interceptor

Posted by faheem on Stack Overflow See other posts from Stack Overflow or by faheem
Published on 2010-05-01T19:07:08Z Indexed on 2010/05/01 19:17 UTC
Read the original article Hit count: 290

Filed under:

cf9

|

coldbox

|

orm

Hi I am new to coldbox and working on a guestbook messaging forum. does anyone know how I can apply some rule in coldbox to show edit and delete for specified users of admin or user in the edit page. I am not sure how to specify this as I already have my rules here as shown in securityRules.xml:

SecurityRules.XML

<?xml version="1.0" encoding="UTF-8"?>
<!-- 
Declare as many rule elements as you want, order is important 
Remember that the securelist can contain a list of regular
expression if you want

ex: All events in the user handler
 user\..*
ex: All events
 .*
ex: All events that start with admin
 ^admin

If you are not using regular expression, just write the text
that can be found in an event.
        <whitelist>ehSecurity\.dspLogin,ehSecurity\.doLogin,ehSecurity\.dspLogoff</whitelist>

-->
<rules>
    <rule>
        <whitelist>^entries,ehSecurity\..*,registry\..*</whitelist>
        <securelist></securelist>
        <roles>admin</roles>
        <permissions>read,write</permissions>
        <redirect>ehSecurity.dspLogin</redirect>
    </rule>
    <rule>
        <whitelist>^entries,ehSecurity\..*,main\..*,^registry</whitelist>
        <securelist></securelist>
        <roles>author,admin</roles>
        <permissions>read</permissions>
        <redirect>ehSecurity.dspLogin</redirect>
    </rule>
</rules>

© Stack Overflow or respective owner

Related posts about cf9

How to setup CF9 with IIS7 (multiple instance, virtual hosting by hostname)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm used to setting up CF9 (Dev edition) on my Windows using Apache. I would like to try using IIS7 that comes with Win7 Pro. What are the steps to set it up so that I can have: www.siteA.dev www.siteB.dev Both of these point to 127.0.0.1 via windows host file. I would like siteA.dev & siteB… >>> More
Migrating to CF9: trouble getting JRun working with SSL

as seen on Server Fault - Search for 'Server Fault'
I have a client on MX7 who wants to migrate to CF9. I have a dev environment for them on my WinXP machine where I've configured MX7 to run with JRun's built-in web server. I've had that working for a long time with both regular and SSL connections. I installed CF9 yesterday side-by-side with the… >>> More
CF9 HQL Statement for many-to-many and Multiple Criteria

as seen on Stack Overflow - Search for 'Stack Overflow'
I have the following setup: Listing.cfc component persistent="true" { property name="ListingId" column="ListingId" type="numeric" ormtype="int" fieldtype="id" generator="identity"; ... property name="Features" type="array" hint="Array of features" singularname="Feature" fieldtype="many-to-many"… >>> More
CF9: what is jrun_iis6_wildcard.dll intended for?

as seen on Server Fault - Search for 'Server Fault'
Hi I just finished installing an application on a server running ColdFusion 9 (2008 R2 64bit) The application I installed does not use CF, but an isapi dll. To run my application, I need to delete an handler using jrun_iis6_wildcard.dll that seems to process and block requests that should be processed… >>> More
How to specify argument attributes in CFscript? (CF9)

as seen on Stack Overflow - Search for 'Stack Overflow'
In CF9 doc: Defining components and functions in CFScript, it says: /** *Comment text, treated as a hint. *Set metadata, including, optionally, attributes, in the last entries *in the comment block, as follows: *@metadataName metadataValue ... */ access returnType function functionName(arg1Type… >>> More

Related posts about coldbox

Glassfish, railo and coldbox - messed up links?

as seen on Stack Overflow - Search for 'Stack Overflow'
I am new to ColdFusion and ColdBox (and programming). I tried to setup ColdBox but some of the links in the sample applications are broken. My configuration is a GlassFish v3 installation with the current Railo OSS. I access my site through Apache 2.2.14. So instead of http://127.0.0.1:8080/railo/… >>> More
Coldbox Security Interceptor

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I am new to coldbox and working on a guestbook messaging forum. does anyone know how I can apply some rule in coldbox to show edit and delete for specified users of admin or user in the edit page. I am not sure how to specify this as I already have my rules here as shown in securityRules.xml: SecurityRules… >>> More
regenerating url in cf9/Coldbox

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I am wondering if there is a way to regenerate the URL when any page is loaded in coldbox/CF9 when using event.buildLink ? Currently I get http://cawksd05.codandev.local:8080/entries/editor when using event.buildlink. But the correct url should have /index.cfm added to it as shown below: /index… >>> More
ColdFusion 9 ORM - Securing an object at a low level...

as seen on Stack Overflow - Search for 'Stack Overflow'
Hiya: I wonder if anybody has an idea on this... I'm looking at securing a low level object in my model (a "member" object) so by default only certain information can be accessed from it. Here's a possible approach (damn sexy if it would work!): 1) Add a property called "locked" - defaulting… >>> More
Isapi Rewrite : Remove filename from URL

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi there Im am trying to use the isapi rewrite tool on my web domain to write some basic rules, but am getting a bit confused. My base url is http://forevr-dev.co.uk/musicexplained/index.cfm and every page on the site follows from this base url. For example http://forevr-dev.co.uk/musicexplained/index… >>> More