Installation
Use CommandBox to install the module into your ColdBox app:
# Latest version
install cbsecurity
# Bleeding Edge

System Requirements

  • Lucee 5.x+
  • ColdFusion 2016+

Module Settings

The module is configured by adding a cbsecurity key to the moduleSettings structure in config/Coldbox.cfc.
config/Coldbox.cfc
1
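// Module Settings
// NOTE(review): this is a CFML (ColdBox config) struct literal, not JSON, despite the page's language tag.
// The values shown are the documented defaults; comments marked NOTE(review) are deployment caveats,
// not statements about module behaviour beyond what the setting names and defaults show.
moduleSettings = {
    // CB Security
    cbSecurity : {
        // The global invalid authentication event or URI or URL to go to if an invalid authentication occurs
        "invalidAuthenticationEvent" : "",
        // Default Authentication Action: override or redirect when a user has not logged in
        "defaultAuthenticationAction" : "redirect",
        // The global invalid authorization event or URI or URL to go to if an invalid authorization occurs
        "invalidAuthorizationEvent" : "",
        // Default Authorization Action: override or redirect when a user does not have enough permissions to access something
        "defaultAuthorizationAction" : "redirect",
        // You can define your security rules here or externally via a source
        "rules" : [],
        // The validator is an object that will validate rules and annotations and provide feedback on either authentication or authorization issues.
        // NOTE(review): the WireBox ID below looks mangled by the page extraction (the `[email protected]` text is a typical
        // email-obfuscation artifact); confirm the real `<validator>@<module>` ID from the module's own documentation before copying.
        "validator" : "[email protected]",
        // The WireBox ID of the authentication service to use in cbSecurity which must adhere to the cbsecurity.interfaces.IAuthService interface.
        // NOTE(review): same extraction artifact as the validator ID above — confirm before copying.
        "authenticationService" : "[email protected]",
        // WireBox ID of the user service to use
        "userService" : "",
        // The name of the variable to use to store an authenticated user in prc scope if using a validator that supports it.
        "prcUserVariable" : "oCurrentUser",
        // If source is model, the WireBox ID to use for retrieving the rules
        "rulesModel" : "",
        // If source is model, then the name of the method to get the rules, we default to `getSecurityRules`
        "rulesModelMethod" : "getSecurityRules",
        // If source is db then the datasource name to use
        "rulesDSN" : "",
        // If source is db then the table to get the rules from
        "rulesTable" : "",
        // If source is db then the ordering of the select
        "rulesOrderBy" : "",
        // If source is db then you can have your custom select SQL
        // NOTE(review): this value is run as SQL; keep it a static config string and never assemble it from request data.
        "rulesSql" : "",
        // Use regular expression matching on the rule match types
        "useRegex" : true,
        // Force SSL for all relocations
        // NOTE(review): false means the redirects issued for invalid authentication/authorization are not forced onto HTTPS;
        // set this to true on any deployment served over TLS.
        "useSSL" : false,
        // Auto load the global security firewall
        "autoLoadFirewall" : true,
        // Activate handler/action based annotation security
        "handlerAnnotationSecurity" : true,
        // Activate the security rule visualizer (disabled by default)
        // NOTE(review): presumably exposes the rule configuration to whoever can reach it; keep it disabled outside development.
        "enableSecurityVisualizer" : false,
        // JWT Settings
        "jwt" : {
            // The issuer authority for the tokens, placed in the `iss` claim
            "issuer" : "",
            // The jwt secret encoding key to use. This key is only effective within the `config/Coldbox.cfc`. Specifying within a module does nothing.
            // NOTE(review): the second argument appears to be the fallback used when JWT_SECRET is unset, i.e. an empty string.
            // Do not ship with that fallback — treat a missing JWT_SECRET as a startup failure, and keep the secret itself
            // out of committed config.
            "secretKey" : getSystemSetting( "JWT_SECRET", "" ),
            // By default it uses the Authorization bearer header, but you can also pass a custom one as well or as an rc variable.
            // NOTE(review): a token supplied as an rc (query/form) variable can end up in access logs, proxies and browser
            // history; prefer the header.
            "customAuthHeader" : "x-auth-token",
            // The expiration in minutes for the jwt tokens
            "expiration" : 60,
            // If true, enables refresh tokens, token creation methods will return a struct instead
            // of just the access token. e.g. { access_token: "", refresh_token : "" }
            "enableRefreshTokens" : false,
            // The expiration for refresh tokens, presumably in minutes like `expiration`.
            // NOTE(review): 10080 minutes is 7 days, not the "30 days" the original comment stated — confirm which is intended.
            "refreshExpiration" : 10080,
            // The custom header to inspect for refresh tokens
            "customRefreshHeader" : "x-refresh-token",
            // If enabled, the JWT validator will inspect the request for refresh tokens and expired access tokens.
            // It will then automatically refresh them for you and return them back as
            // response headers in the same request according to the customRefreshHeader and customAuthHeader
            "enableAutoRefreshValidator" : false,
            // Enable the POST > /cbsecurity/refreshtoken API endpoint
            // NOTE(review): enabled by default even though enableRefreshTokens defaults to false; disable it if the
            // application does not use refresh tokens.
            "enableRefreshEndpoint" : true,
            // Encryption algorithm to use, valid algorithms are: HS256, HS384, and HS512
            // NOTE(review): all three are symmetric HMAC signing algorithms — anyone holding secretKey can both verify and mint tokens.
            "algorithm" : "HS512",
            // Which claims need to be present on the jwt token or `TokenInvalidException` upon verification and decoding
            // NOTE(review): an empty list means no claim is mandatory at verification time.
            "requiredClaims" : [],
            // The token storage settings
            "tokenStorage" : {
                // enable or not, default is true
                "enabled" : true,
                // A cache key prefix to use when storing the tokens
                "keyPrefix" : "cbjwt_",
                // The driver to use: db, cachebox or a WireBox ID
                "driver" : "cachebox",
                // Driver specific properties
                "properties" : { "cacheName" : "default" }
            }
        }
    }
};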
If you are using cbauth as your authenticationService (the default), you also need to configure cbauth.