cbSecurity
CommunitySlackSupport
v2.x
v2.x
  • Introduction
  • Intro
    • Release History
      • What's New With 2.15.0
      • What's New With 2.14.0
      • What's New With 2.13.0
      • What's New With 2.12.0
      • What's New With 2.11.x
      • What's New With 2.10.0
      • What's New With 2.9.0
      • What's New With 2.8.0
      • What's New With 2.7.0
      • What's New With 2.6.0
      • What's New With 2.5.0
      • What's New With 2.4.0
      • What's New With 2.3.0
      • What's New With 2.2.0
      • What's New With 2.1.0
      • What's New With 2.0.0
    • About This Book
    • Author
  • Getting Started
    • Installation
    • Overview
    • Configuration
      • Rule Sources
        • DB Rules
        • Inline Rules
        • JSON Rules
        • Model Rules
        • Module Rules
        • XML Rules
  • Usage
    • Authentication Services
    • Security Rules
    • Security Annotations
    • Secured URL
    • Interceptions
    • cbSecurity Model
      • secure() Blocking Methods
      • Verification Methods
      • Authorization Contexts
      • Securing Views
    • Cross Site Request Forgery
  • Security Validators
    • CBAuth Validator
    • CFML Security Validator
    • Custom Validator
  • JWT
    • JWT Services
    • JWT Validator
    • Refresh Tokens
    • Token Storage
    • JWT Interceptions
  • External links
    • Source code
    • Issue Tracker
    • cbauth
    • cbcsrf
    • JWT CFML
Powered by GitBook
On this page

Was this helpful?

Edit on Git
Export as PDF
  1. Getting Started
  2. Configuration
  3. Rule Sources

XML Rules

If you have already an XML file with your rules, then all you need to do is add the path (relative or absolute) to that file in the rules configuration key. However, the path MUST include the keyword XML in it.

config/Coldbox.cfc
moduleSettings = {
	// CB Security
	cbSecurity : {
		"rules" : "config/security.xml.cfm"
};

Then your xml file can look like this:

config/security.xml.cfm
<?xml version="1.0" encoding="ISO-8859-1"?>
<-- <
Declare as many rule elements as you want, order is important 
Remember that the securelist can contain a list of regular
expressions if you want

ex: All events in the user handler
 user\..*
ex: All events
 .*
ex: All events that start with admin
 ^admin

If you are not using regular expressions, just write the text
that can be found in an event.
-->
<rules>
    <rule>
        <match>event</match>
        <whitelist>user\.login,user\.logout,^main.*</whitelist>
        <securelist>^user\..*, ^admin</securelist>
        <roles>admin</roles>
        <permissions>read,write</permissions>
        <redirect>user.login</redirect>
    </rule>

    <rule>
           <match>event</match>
        <whitelist></whitelist>
        <securelist>^moderator</securelist>
        <roles>admin,moderator</roles>
        <permissions>read</permissions>
        <redirect>user.login</redirect>
    </rule>

    <rule>
           <match>url</match>
        <whitelist></whitelist>
        <securelist>/secured.*</securelist>
        <roles>admin,paid_subscriber</roles>
        <permissions></permissions>
        <redirect>user.pay</redirect>
    </rule>
</rules>
PreviousModule RulesNextAuthentication Services

Last updated 5 years ago

Was this helpful?