cbSecurity
v2.x

Module Rules

Every ColdBox module can contribute its own rules to cbsecurity by registering them in the settings struct of its ModuleConfig.cfc. Just create another struct called cbsecurity inside settings with the following allowed keys:

ModuleConfig.cfc
settings = {
    // CB Security Rules to prepend to global rules
    cbsecurity = {
        // Module Relocation when an invalid access is detected, instead of each rule declaring one.
        "invalidAuthenticationEvent"     : "mod1:secure.index",
        // Default Authentication Action: override or redirect when a user has not logged in
        "defaultAuthenticationAction"    : "redirect",
        // Module override event when an invalid access is detected, instead of each rule declaring one.
        "invalidAuthorizationEvent"    : "mod1:secure.auth",
        // Default Authorization Action: override or redirect when a user does not have enough permissions to access something
        "defaultAuthorizationAction"    : "redirect",
        // You can define your security rules here
        "rules"                            : [
            {
                "secureList"     : "mod1:home"
            },
            {
                "secureList"     : "mod1/modOverride",
                "match"            : "url",
                "action"        : "override"
            }
        ]
    }
};

As you can see, each module can have its own overrides for authentication and authorization events, as well as its own rules.

Please note that these security rules will be PREPENDED to the global rules.

Rule Sources

As with the global rules defined in config/Coldbox.cfc, the module cbsecurity.rules setting supports multiple rule sources: DB, Inline, JSON, Model, and XML.

For example, you can load security rules specific to a module from a JSON file stored in your module:

ModuleConfig.cfc
settings = {
    cbsecurity = {
        "rules" : "#modulePath#/config/firewallRules.json"
        // other config here... <---
    }
};
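
A pre-deployment check for a module's JSON rule file, as an added example that is not part of the cbSecurity documentation or code base. The function name, the sample rules, "event" as the default match type, the comma-delimited secureList, and the namespace-scoping policy are assumptions made for illustration.

```python
import json

# The page's comments name two actions ("override or redirect").
ACTIONS = {"override", "redirect"}
# "url" appears on the page; "event" as the default match type is an assumption.
MATCH_TYPES = {"event", "url"}

# Constructed sample of a module's config/firewallRules.json (not from the page).
SAMPLE = """
[
  { "secureList": "mod1:home" },
  { "secureList": "mod1/modOverride", "match": "url", "action": "override" },
  { "secureList": ".*", "action": "redirct" },
  { "match": "url" }
]
"""

def lint_module_rules(text, module):
    """Return (rule_index, message) findings for a module's JSON rule array."""
    findings = []
    for i, rule in enumerate(json.loads(text)):
        # CFML struct keys are case-insensitive, so compare them lowercased.
        keys = {k.lower(): v for k, v in rule.items()}
        secure = str(keys.get("securelist", "")).strip()
        match = str(keys.get("match", "event")).lower()
        action = str(keys.get("action", "")).lower()
        if not secure:
            findings.append((i, "empty or missing secureList"))
        if match not in MATCH_TYPES:
            findings.append((i, f"unknown match type '{match}'"))
        if action and action not in ACTIONS:
            findings.append((i, f"unknown action '{action}'"))
        # Hypothetical review policy: module rules are prepended to the global
        # rules, so each pattern should stay inside the module's own namespace.
        prefix = module + (":" if match == "event" else "/")
        for pattern in (p.strip() for p in secure.split(",")):
            if pattern and not pattern.lstrip("^").startswith(prefix):
                findings.append((i, f"pattern '{pattern}' is not scoped to {prefix}"))
    return findings

if __name__ == "__main__":
    for index, message in lint_module_rules(SAMPLE, "mod1"):
        print(f"rule {index}: {message}")
```

Run against the constructed sample, the first two rules (the ones shown inline on this page) pass, while the mistyped action, the unscoped `.*` pattern and the rule without a secureList are reported.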

Loading/Unloading

Also note that if modules are loaded dynamically, cbsecurity will still inspect them and register their rules if cbsecurity settings are found. The same goes for unloading: all of that module's security rules will cease to exist.
