ColdBox Security Module
Search…
v2.x
Introduction
Intro
Release History
About This Book
Author
Getting Started
Installation
Overview
Configuration
Usage
Authentication Services
Security Rules
Security Annotations
Secured URL
Interceptions
cbSecurity Model
Cross Site Request Forgery
Security Validators
CBAuth Validator
CFML Security Validator
Custom Validator
JWT
JWT Services
JWT Validator
Refresh Tokens
Token Storage
JWT Interceptions
External links
Source code
Issue Tracker
cbauth
cbcsrf
JWT CFML
Powered By GitBook
Introduction
The ColdBox cbsecurity module is a collection of modules to help secure your applications.
The major areas of concern are:
  • A security authentication/authorization firewall ( cbsecurity ) which can secure your application based on:
    • Security rules and a rule engine for validation incoming events or URL's
    • Handler annotations
  • A security service for explicit authorizations ( cbsecurity ) to provide you with functional approaches to security context authorization in any layer of your application.
  • A JWT generator, decoder and authentication services ( jwtcfml )
  • Cross Site Request Forgery (CSRF) Protection ( cbcsrf )
  • An authentication manager ( cbauth )

Cbsecurity consumes several other modules and leverages cbstorages for storage.

  • Ability to have global security rules
  • Ability for modules to add their own security rules and action overrides
  • Ability to distinguish between authentication and authorization issues
  • Annotation driven cascading security for handlers and actions
  • A functional security service that can be injected anywhere to provide you with authorizations
  • Security rules can exist in:
    • XML File
    • JSON File
    • Database
    • Models
  • The rules can be configured to use regular expressions or simple snippets
  • Can use ColdFusion authentication security
  • Can leverage any custom authentication provider
  • Plug any Authentication service or can leverage cbauth by default
  • Capability to distinguish between invalid authentication and invalid authorization and determine an outcome of the process.
  • Ability to load/unload security rules from contributing modules.
  • Ability for each module to define it's own validator
  • JWT Access and Refresh Tokens Native support

The ColdBox Security Module is maintained under the Semantic Versioning guidelines as much as possible. Releases will be numbered with the following format:
<major>.<minor>.<patch>
And constructed with the following guidelines:
  • Breaking backward compatibility bumps the major (and resets the minor and patch)
  • New additions without breaking backward compatibility bumps the minor (and resets the patch)
  • Bug fixes and misc changes bumps the patch

Ortus Solutions, Corp
The ColdBox Security Module is a professional open source software backed by Ortus Solutions, Corp offering services like:
  • Custom Development
  • Professional Support & Mentoring
  • Training
  • Server Tuning
  • Security Hardening
  • Code Reviews
  • ​Much More​

The Box products and modules community for discussion and help can be found here:

Because of His grace, this project exists. If you don't like this, then don't read it, it's not for you.
"Therefore being justified by faith, we have peace with God through our Lord Jesus Christ: By whom also we have access by faith into this grace wherein we stand, and rejoice in hope of the glory of God." Romans 5:5
Next - Intro
Release History
Last modified 1yr ago
Copy link
Edit on GitHub
On this page
Module composition
Features
Versioning
License
Important Links
Professional Open Source
Discussion & Help
HONOR GOES TO GOD ABOVE ALL