Hi Guys, I have a site with ContentBox and I am doing some other security outside of ContentBox. I am using the coldbox.system.interceptor simple security interceptor.
What is the correct syntax for adding all of the ContentBox modules to a whitelist so they will be whitelisted by this interceptor?
I tried contentbox, contentbox-admin and none of those worked. I removed the modules fwreinited and that is when I got the error about moduleServices@cb missing dependencies.
Now there is also a caveat that you also need to be aware, usually you will not do this often but if you do then your security will go out the window. Anytime you reset the rules they are wiped and recreated, so you will also need to create an interceptor to re-add these rules again.
In my module Config you will also need to do this, this will setup the module security when the module is activated and registered. But not when you reset the security rules from the dashboard, so just be aware of that.
I think the whitelist needs to be a full event. The module name would just be a partial event. That means you probably need to use regex. Also, make sure you don’t have extra whitespace in the comma-delimited list.
I am going to try this pattern for the whitelist="^contentbox:.,^contentbox-admin:.,^contentbox-filebrowser:.,^contentbox-security:.,^contentbox-ui:.*";
Hi Guys, I was able to get this to work. contentbox-ui:blog.index However what I really need is a regex that can cover that entire module ^contentbox:.\.\.
I can’t seem to get the correct syntax for that.
Tried all of the suggested ones and from the sample JSON list.
Hi this was suggested as a way to pickup that entire module and add it to the whitelist interceptor. I am using Railo 4.2.1.003 on windows 2012 server.
^contentbox-ui:.* If I do the entire event it works (contentbox-ui:page.index) but there are so many events in ContentBox I will never get them all.
This secures, the entire module, notice the .* here. Then we have
whitelist": “^cronus-facebook:security\.”
Which then adds the handler to that module to the whitelist, if you need to do this on an event within the handler, then you will need to adjust the whitelist to allow.
Could you break it down to what you’re trying to achieve here.
Hi Andrew, what I am trying to achieve is to add all of the contentbox modules to the whitelist. I have contentbox inside another ColdBox application. Running security for another module. The list of ContentBox modules I want to add to the whitelist are contentbox,contentbox-admin,contentbox-filebrowser, and contentbox-security.
Can I not whitelist the entire module without listing each handler?
Hi Andrew, ContentBox is doing it’s own security. The interceptor does not override ContentBox security. It just allows Contentbox to pass through and then ContentBox enforces it’s security.