Welcome to ColdBox Security, the best way to secure your ColdBox apps.
The Best Way To Secure Your Applications
The cbsecurity module is a collection of modules to help secure your ColdBox applications.
The major areas of concern are:
- A security authentication/authorization firewall (cbsecurity) which can secure your application based on:
  - Security rules and a rule engine for validation of incoming events or URL patterns
  - Handler annotations
- Security service for explicit authorizations (cbsecurity) to provide you with functional approaches to security context authorization in any layer of your application.
- A JWT generator, decoder, and authentication services (
- Cross-Site Request Forgery (CSRF) Protection (
- An authentication manager (cbauth) which can be plug-and-play with your own or third-party modules
- Basic Authentication services that provide basic user credential storage and browser challenges
- A graphical user interface for visualizing the firewall and operational settings we lovingly call the CBSecurity Visualizer
- Industry-standard response headers to protect against XSS, clickjacking, frame busting, and much more
CBSecurity consumes several other modules and leverages cbstorages for storage.
- Ability to have global security rules
- The ability for modules to add their own security rules and action overrides
- Ability to distinguish between authentication and authorization issues
- Annotation-driven cascading security for handlers and actions
- A functional security service that can be injected anywhere to provide you with authorizations
- Security rules can exist in:
  - XML File
  - JSON File
- The rules can be configured to use regular expressions or simple snippets
- You can use ColdFusion authentication security
- Can leverage any custom authentication provider
- Ability to distinguish between invalid authentication and authorization and determine the process's outcome.
- Ability to load/unload security rules from contributing modules.
- The ability for each module to define its own
- JWT Access and Refresh Tokens Native support
And constructed with the following guidelines:
- Breaking backward compatibility bumps the major (and resets the minor and patch)
- New additions without breaking backward compatibility bump the minor (and reset the patch)
- Bug fixes and misc changes bump the patch
Ortus Solutions, Corp
The Box products and modules community for discussion and help can be found here:
Because of His grace, this project exists. If you don't like this, then don't read it; it's not for you.
"Therefore being justified by faith, we have peace with God through our Lord Jesus Christ: By whom also we have access by faith into this grace wherein we stand, and rejoice in hope of the glory of God." Romans 5:5