CFML Security Validator

The CFML Security validator leverages the ColdFusion security functions for authentication and role based authorization.

ColdBox security has had this security validator since version 1, in which it will talk to the ColdFusion engine's security methods to authenticate and authorize users using roles.

All you need to do is use the WireBox ID of CFValidator@cbsecurity in your validator setting:

cbsecurity = {

    firewall : {
        validator = "CFValidator@cbsecurity"
    }

}

Using ColdFusion security tags and functions

ColdFusion Security Functions

Example:

handlers/security.cfc

component{

	function login( event, rc, prc ){
		event.setView( "security/login" );
	}
	
	function doLogin( event, rc, prc ){
		cflogin(
			idletimeout=getSetting( "LoginTimeout" ), 
			applicationtoken=getSetting( "AppName" ), 
			cookiedomain='myapp.com'
		){
			cfoauth(
				type        = "Google",
				clientid    = "YOUR_CLIENT_ID",
				secretkey   = "YOUR_GOOGLE_CLIENTSECRET",
				redirecturi = "YOUR_CALLBACK_URI",
				result      = "res",
				scope       = "YOUR_SCOPES",
				state       = "cftoken=#cftoken#"
			);

			cfloginuser(
				name     = "#res.other.email#", 
				password = "#res.access_token#", 
				roles    = "user"
			);
		}
	}
	 
	function doLogout( event, rc, prc ){
	   
	    cflogout();
	 	relocate( "security.login" );
	}

}

For more information about cflogin, cfloginuser and cflogout, please visit the docs http://cfdocs.org/security-functions

The configured authentication service must adhere to our IAuthService interface and the User object must adhere to the IAuthUser interface.

Remember that a validator can exist globally and on a per ColdBox Module level.

PreviousBasicAuth Validator NextCustom Validator

Last updated 1 year ago