Skip to main content
A
Anonymous
July 15, 2009
Answered

authentication

  • July 15, 2009
  • 1 reply
  • 949 views

We have 2 user roles(group): role1 and role2, role1 can access pages under URL1 or directory 1, role 2 can access pages under URL2 or directory2.

I know it is easy to configure the maping between role and resource in J2EE (web.xml), but I don't know how to setup it in the coldfusion? Suppose the user information is in database, not LDAP.  I appreciate any help.

George

This topic has been closed for replies.
Correct answer ilssac

I briefly reviewed that link and it seems to be speaking to web server security with JBOSS being the web server.  ColdFusion is not a web server, at least it is not recommended that it be a web server in a production environment.  The built-in web server inside ColdFusion is recommended only for development environments.

If you want web-server security you need to look at the features of the web server you are using with ColdFusion, commonly IIS or Apache.  They both have features to provide authentication.

If you want basic Application security done with ColdFusion, the documentation has an entire chapter complete with code examples: http://livedocs.adobe.com/coldfusion/8/htmldocs/appSecurity_01.html.  The basic idea is that one puts code in the Application.cfm or Application.cfc files that is run at the beginning of every request.  This code checks for a logged in state, if the state is not logged in then look for a login form post, if post try to log in, if try fails OR no login form post, display login form.

1 reply

ilssac
ilssac
Inspiring
July 15, 2009

I'm not sure what you are trying to do, but I wanted to point out that modern ColdFusion is Java (J2EE) based and it uses a web.xml file.  If you now how to set up what you want with that file, I suspect that is what would work for ColdFusion.

A
Anonymous
July 16, 2009

Thanks, Ian.

You are right. I use jboss. Coldfusion is a ear file. My coldfusion code is under the coldfusion ear file. I want to implement form login to protect the resources based on the roles, just like http://www.jboss.org/community/wiki/SecureAWebApplicationUsingACustomForm but in coldfusion.  Do you know any coldfusion form login example for this?

ilssac
ilssacCorrect answer
Inspiring
July 16, 2009

I briefly reviewed that link and it seems to be speaking to web server security with JBOSS being the web server.  ColdFusion is not a web server, at least it is not recommended that it be a web server in a production environment.  The built-in web server inside ColdFusion is recommended only for development environments.

If you want web-server security you need to look at the features of the web server you are using with ColdFusion, commonly IIS or Apache.  They both have features to provide authentication.

If you want basic Application security done with ColdFusion, the documentation has an entire chapter complete with code examples: http://livedocs.adobe.com/coldfusion/8/htmldocs/appSecurity_01.html.  The basic idea is that one puts code in the Application.cfm or Application.cfc files that is run at the beginning of every request.  This code checks for a logged in state, if the state is not logged in then look for a login form post, if post try to log in, if try fails OR no login form post, display login form.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices