ColdBox Security Module
Search…
v2.x
Introduction
Intro
Release History
About This Book
Author
Getting Started
Installation
Overview
Configuration
Rule Sources
DB Rules
Inline Rules
JSON Rules
Model Rules
Module Rules
XML Rules
Usage
Authentication Services
Security Rules
Security Annotations
Secured URL
Interceptions
cbSecurity Model
Cross Site Request Forgery
Security Validators
CBAuth Validator
CFML Security Validator
Custom Validator
JWT
JWT Services
JWT Validator
Refresh Tokens
Token Storage
JWT Interceptions
External links
Source code
Issue Tracker
cbauth
cbcsrf
JWT CFML
Powered By GitBook
XML Rules
If you have already an XML file with your rules, then all you need to do is add the path (relative or absolute) to that file in the rules configuration key. However, the path MUST include the keyword XML in it.
config/Coldbox.cfc
1
moduleSettings = {
2
// CB Security
3
cbSecurity : {
4
"rules" : "config/security.xml.cfm"
5
};
Copied!
Then your xml file can look like this:
config/security.xml.cfm
1
<?xml version="1.0" encoding="ISO-8859-1"?>
2
<-- <
3
Declare as many rule elements as you want, order is important
4
Remember that the securelist can contain a list of regular
5
expressions if you want
6
​
7
ex: All events in the user handler
8
user\..*
9
ex: All events
10
.*
11
ex: All events that start with admin
12
^admin
13
​
14
If you are not using regular expressions, just write the text
15
that can be found in an event.
16
-->
17
<rules>
18
<rule>
19
<match>event</match>
20
<whitelist>user\.login,user\.logout,^main.*</whitelist>
21
<securelist>^user\..*, ^admin</securelist>
22
<roles>admin</roles>
23
<permissions>read,write</permissions>
24
<redirect>user.login</redirect>
25
</rule>
26
​
27
<rule>
28
<match>event</match>
29
<whitelist></whitelist>
30
<securelist>^moderator</securelist>
31
<roles>admin,moderator</roles>
32
<permissions>read</permissions>
33
<redirect>user.login</redirect>
34
</rule>
35
​
36
<rule>
37
<match>url</match>
38
<whitelist></whitelist>
39
<securelist>/secured.*</securelist>
40
<roles>admin,paid_subscriber</roles>
41
<permissions></permissions>
42
<redirect>user.pay</redirect>
43
</rule>
44
</rules>
Copied!
Previous
Module Rules
Next - Usage
Authentication Services
Last modified 2yr ago
Copy link
Edit on GitHub