To enable ColdBox security, you must register the Security interceptor in the interceptors section of your parent or other module configuration.

IMPORTANT: If you are using SES or URL mappings in your ColdBox 4 application, make sure that you declare the security interceptor after the SES interceptor. Interceptor order matters: security needs the URL to be translated first. In ColdBox 5, SES is handled by the Routing service, so you don't need the SES interceptor.

| Property | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| useRegex | boolean | false | true | By default, all secure lists and whitelists are matched using regular expressions. You can disable this and use plain string matching instead. |
| queryChecks | boolean | false | false | Flag that tells the interceptor to validate the columns in the security rules. This makes sure all rules have the same columns. By default it is in relaxed mode, so all columns are used. |
| preEventSecurity | boolean | false | false | Turns on the preEvent execution point, which makes sure that before any event is fired internally, it is verified against the security rules. Only use this if you really want to secure all internal events; otherwise it can hinder performance. |
| rulesSource | string | true | --- | Where to look for the rules, as described above. The value must be one of: xml, json, db, model, ioc or ocm. |
| validator | string | false | --- | The class path of the validator object to use. The interceptor will create the object for you and cache it internally. If the object has an init() method, the interceptor will call it for you. |
| validatorModel | string | false | --- | The model name of the security validator to use for custom validations. The interceptor will call getModel() with the value of this property to retrieve it via WireBox. |
| validatorIOC | string | false | --- | The bean name of the security validator to use for custom validations. The interceptor will ask the IoC module for the bean according to this property. |

The following are properties used when the source of the rules is ioc, or coming from an IoC module:

| Property | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| rulesBean | string | true if rulesSource = ioc | --- | The bean name to ask the IoC module for that has the rules. |
| rulesBeanMethod | string | true if rulesSource = ioc | --- | The method in the bean to call that will return a query of rules. |
| rulesBeanArgs | string | false | --- | A comma-delimited list of arguments to send into the method. This is optional; if not set, the method will be called with no arguments. |

The following are properties used when the source of the rules is db, or coming from the database:

| Property | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| rulesDSN | string | true if rulesSource = db | --- | The DSN to use if the rules are coming from a database. |
| rulesTable | string | true if rulesSource = db | --- | The table where the rules are stored. |
| rulesSQL | string | false | select * from rulesTable | The custom SQL statement to use to retrieve the rules according to the rulesTable property. If not set, the default of select * from rulesTable will be used. |
| rulesOrderBy | string | false | --- | The column to order the rules by. If not set, the interceptor will not order the query, just select it. |

The following are properties used when the source of the rules is ocm, or coming from CacheBox:

| Property | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| rulesOCMKey | string | true | --- | The cache key to use to retrieve the rules from the ColdBox default cache provider. |

The following are properties used when the source of the rules is json:

| Property | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| rulesfile | string | true if rulesSource = json | --- | The location of the security rules JSON file. |

The following are properties used when the source of the rules is xml:

| Property | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| rulesfile | string | true if rulesSource = xml | --- | The location of the security rules XML file. |
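
The following registration is an added example, not code from the original page or the ColdBox project. It shows the ordering requirement on ColdBox 4 together with the properties that become required when the rules come from a database. The two class paths assume a standard ColdBox 4 and cbsecurity module install; the datasource, table, column and model names are hypothetical.

```cfml
// config/ColdBox.cfc (excerpt)
component {

    function configure(){
        interceptors = [
            // ColdBox 4 only: SES is declared first so the URL is translated
            // before the security rules are evaluated. Omit this entry on
            // ColdBox 5, where the Routing service handles SES.
            // (class path assumed for a standard ColdBox 4 install)
            { class = "coldbox.system.interceptors.SES", properties = {} },

            // Security interceptor, declared after SES.
            // (class path assumed for a standard cbsecurity module install)
            {
                class      = "cbsecurity.interceptors.Security",
                name       = "CBSecurity",
                properties = {
                    // Rules source; "db" makes rulesDSN and rulesTable required
                    rulesSource      = "db",
                    rulesDSN         = "appSecurity",    // hypothetical datasource
                    rulesTable       = "securityRules",  // hypothetical table
                    // Without this the rules query is selected unordered
                    rulesOrderBy     = "ruleOrder",      // hypothetical column
                    // Secure lists and whitelists are regular expressions (default)
                    useRegex         = true,
                    // Validate the columns of the rules query instead of
                    // running in the default relaxed mode
                    queryChecks      = true,
                    // Leave off unless every internal event must be checked;
                    // it adds a rule check before each event
                    preEventSecurity = false,
                    // Custom validator retrieved through WireBox
                    validatorModel   = "SecurityService" // hypothetical model name
                }
            }
        ];
    }

}
```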