
Secured URL

CBSecurity stores the secured incoming URL so you can relocate the user to it after authenticating.

The security module has the concept of a secured URL which is the actual URL that got intercepted and relocated because of a security exception. This is stored in the request collection as rc._securedURL and in the ColdBox flash memory as _securedURL.

So always remember to use this variable to provide a seamless login experience to your users. You can easily place it in the login form as a hidden field:

#html.startForm( action=prc.xehDoLogin, name="loginForm" )#
    
    <!--- Store the _securedURL so we can use it to relocate --->
    #html.hiddenField( name="_securedURL", value=event.getValue('_securedURL','') )#

    #html.textfield(name="username",label="Username: ",size="40",required="required",class="textfield",value=prc.rememberMe)#
    #html.passwordField(name="password",label="Password: ",size="40",required="required",class="textfield")#

    <div id="loginButtonbar">
        #html.checkBox(name="rememberMe",value=true,checked=(len(prc.rememberMe)))# 
        #html.label(field="rememberMe",content="Remember Me  ",class="inline")#
        #html.submitButton(value="  Log In  ",class="buttonred")#
    </div>

    <br/>
    <img src="#prc.cbRoot#/includes/images/lock.png" alt="lostPassword" />
    <a href="#event.buildLink( prc.xehLostPassword )#">Lost your password?</a> 

#html.endForm()#

In your login action you can use the secured URL and relocate appropriately:

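function doLogin( event, rc, prc ){

   if( cbSecure().authenticate( rc.username, rc.password ) ){

      // Relocate to the secured URL when one was posted, otherwise to the default landing event
      var securedURL = event.getValue( "_securedURL", "" );
      securedURL.len() ? relocate( url : securedURL ) : relocate( "admin.dashboard" );

   }

}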
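
The hidden field travels through the browser, so the value posted back to the login action is client-supplied input. As an added example (not cbSecurity's own code), the login action below relocates only when the value is a site-relative path or an http(s) URL on an allowed host; isSafeSecuredURL, allowedHosts and app.example.com are assumed names for illustration.

```cfml
// Added example: the helper name, the allowedHosts list and the host in it
// are assumptions for illustration, not cbSecurity settings.
variables.allowedHosts = [ "app.example.com" ];

/**
 * True only when target is a site-relative path or an http(s) URL on an allowed host.
 */
private boolean function isSafeSecuredURL( required string target ){
    var t = trim( arguments.target );
    // Empty values, control characters and backslashes are never valid here
    if ( !len( t ) || reFind( "[[:cntrl:]]", t ) || find( "\", t ) ) {
        return false;
    }
    // Site-relative path: one leading slash; "//host" is protocol-relative
    if ( left( t, 1 ) == "/" ) {
        return left( t, 2 ) != "//";
    }
    // Absolute URL: let java.net.URI parse it instead of matching on strings
    try {
        var uri    = createObject( "java", "java.net.URI" ).init( t );
        var scheme = uri.getScheme();
        var host   = uri.getHost();
    } catch ( any e ) {
        return false;
    }
    // Java nulls (no scheme, or an opaque URI with no host) fail the check
    if ( isNull( scheme ) || isNull( host ) ) {
        return false;
    }
    return listFindNoCase( "http,https", scheme ) > 0
        && arrayFindNoCase( variables.allowedHosts, host ) > 0;
}

function doLogin( event, rc, prc ){
    if ( cbSecure().authenticate( rc.username, rc.password ) ) {
        var target = event.getValue( "_securedURL", "" );
        // Anything that fails the check falls back to the default landing event
        if ( isSafeSecuredURL( target ) ) {
            relocate( url : target );
        } else {
            relocate( "admin.dashboard" );
        }
    }
}
```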