cbSecurity
CommunitySlackSupport
v2.x
v2.x
  • Introduction
  • Intro
    • Release History
      • What's New With 2.15.0
      • What's New With 2.14.0
      • What's New With 2.13.0
      • What's New With 2.12.0
      • What's New With 2.11.x
      • What's New With 2.10.0
      • What's New With 2.9.0
      • What's New With 2.8.0
      • What's New With 2.7.0
      • What's New With 2.6.0
      • What's New With 2.5.0
      • What's New With 2.4.0
      • What's New With 2.3.0
      • What's New With 2.2.0
      • What's New With 2.1.0
      • What's New With 2.0.0
    • About This Book
    • Author
  • Getting Started
    • Installation
    • Overview
    • Configuration
      • Rule Sources
        • DB Rules
        • Inline Rules
        • JSON Rules
        • Model Rules
        • Module Rules
        • XML Rules
  • Usage
    • Authentication Services
    • Security Rules
    • Security Annotations
    • Secured URL
    • Interceptions
    • cbSecurity Model
      • secure() Blocking Methods
      • Verification Methods
      • Authorization Contexts
      • Securing Views
    • Cross Site Request Forgery
  • Security Validators
    • CBAuth Validator
    • CFML Security Validator
    • Custom Validator
  • JWT
    • JWT Services
    • JWT Validator
    • Refresh Tokens
    • Token Storage
    • JWT Interceptions
  • External links
    • Source code
    • Issue Tracker
    • cbauth
    • cbcsrf
    • JWT CFML
Powered by GitBook
On this page

Was this helpful?

Edit on Git
Export as PDF
  1. Getting Started
  2. Configuration
  3. Rule Sources

Inline Rules

Inline rules will be used by declaring them in your configuration for cbsecurity in the config/ColdBox.cfc. This is done by making the rules key an array of rule structures.

config/Coldbox.cfc
moduleSettings = {
	// CB Security
	cbSecurity : {
		// The global security rules
		"rules" : [
			// should use direct action and do a global redirect
			{
				"whitelist": "",
				"securelist": "admin",
				"match": "event",
				"roles": "admin",
				"permissions": "",
				"action" : "redirect"
			},
			// no action, use global default action
			{
				"whitelist": "",
				"securelist": "noAction",
				"match": "url",
				"roles": "admin",
				"permissions": ""
			},
			// Using overrideEvent only, so use an explicit override
			{
				"securelist": "ruleActionOverride",
				"match": "url",
				"overrideEvent": "main.login"
			},
			// direct action, use global override
			{
				"whitelist": "",
				"securelist": "override",
				"match": "url",
				"roles": "",
				"permissions": "",
				"action" : "override"
			},
			// Using redirect only, so use an explicit redirect
			{
				"securelist": "ruleActionRedirect",
				"match": "url",
				"redirect": "main.login"
			}
		]
	}
};
PreviousDB RulesNextJSON Rules

Last updated 5 years ago

Was this helpful?