ColdBox does not work with Virtual Directories

It has been about 18 months since I reported this as a problem on the original forums, and still looking to find an answer to this in some way. I did find and make some modifications to the SES interceptor, that seemed to work some but causes more problems further into the framework.

The problem is that when you do an event, or reroute in the SES interceptor, there is no way that the virtual directory of the URL is preserved. This has been a major headache for me on one application that looks like ColdBox will never be converted for, which is a shame because I had hoped to prove it a good investment going forward.

Is this going to be something that can be fixed, looked at or even addressed soon?

Here is the problem with the security interceptor, if one has a directory like this.

http://www.somedomainname.com/virtualDirectory1

And this entire thing is secured then one would use the security rules of something like

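<rules>
  <rule>
    <whitelist>login\.*</whitelist>
    <securelist>^</securelist>
    <roles></roles>
    <permissions></permissions>
    <redirect>login.dspLogin</redirect>
  </rule>
</rules>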

Now this actually works to some degree, but the problem here is that the user is redirected to the URL minus the virtual directory. And this is not acceptable, especially when the login is reliant on the name of the virtual directory to name the application. Which in this case will result in the user never ever being able to log into the application.

I have spent a good 18 months trying to solve this problem, and have not found an answer that will work in any way shape or form.

Luis, we have spoken about this on the forums. To the point where it almost worked. Because I could do something like this.

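<rules>
  <rule>
    <whitelist>^(\w*).login\.*</whitelist>
    <securelist>^(\w*)</securelist>
    <roles></roles>
    <permissions></permissions>
    <redirect>login.dspLogin</redirect>
  </rule>
</rules>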

But the problem again is that the redirection doesn’t inherit or can’t use pattern matching in any way, shape or form. I hope this makes sense and Luis if you need me to zip up the code that I have to send to you for testing I would be more than willing.

But I am afraid time is running out, I was hoping to have this application converted into ColdBox 3 by the end of this week. For a reason that I can’t discuss in any public area, but let me say that it was extremely important that this scenario work.

One can also mimic the use of virtual directories in ColdBox by running with their routes with something like this.

addRoute(pattern=":virtualDirectoryName/:handler?/:action?");

And as I can see this is something that as Luis suggested on the forums is open to a lot of matches, and that is correct in this example it is and must be open in that manner for this application.

Luis, is there anything that can be done about this? If there is more you need from me to help in fixing this I am more than willing to as well.

Regards,

Andrew Scott

http://www.andyscott.id.au/

Bump….

Still looking for some feedback or even a response would be nice.

Regards,

Andrew Scott

http://www.andyscott.id.au/

I personally don’t use the Security Interceptor, so take this for what it’s worth…

Why not implement your own interceptor that saves the virtual directory from the URL before it flags something unauthorized and redirects?

Jason Durham

It also redirects using whatever the SES base URL is on the request context. So that must be set correctly either by an interceptor or via the baseURL in the routes.cfm.

Luis F. Majano
President
Ortus Solutions, Corp

ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com

I tried that but after a lot of work the problem is in the controller.cfc, I have managed to modify this to work for now. But my solution will not work for Applications with no virtual directory either.

I see this also as a major problem, because I know a lot of apps that use virtual directories that ColdBox will not be suited for.

Regards,

Andrew Scott

http://www.andyscott.id.au/

Andrew,

The relocation that happens all depends on the SES base URL, so why would the problem be in the controller?

Luis F. Majano

Luis,

As I stated the problem also exists outside of SES as well, in other words if I switch the SES off I have the same problem.

Regards,

Andrew Scott

http://www.andyscott.id.au/

Andrew, you mean that your app is running in a virtual directory, so
something like http://www.mydomain.com/myapp ?
...or does your application make use of virtual dirs?

Ernst

Ok,

Here is how it works, the application is a core framework that is running
around 30+ different clients. Each client is given a virtual directory that
defines their space, I can't go into more detail than that. But what I can
say is that the virtual directory assigned is done so because that is the
way this 6 year old app works.

To get ColdBox to work satisfactorily for VirtualDirectories regardless of
whether one is using SES or not, the Controller.cfc had to be modified at
line 375 to this

  var frontController = '';

  if(listlen(cgi.path_info,"/") gte 1) {
    frontController = '/' & listFirst(cgi.path_info,"/");
  }
  frontController = frontController & '/' & listlast(cgi.script_name,"/");

and this in the SES case statement further on.

  relocationURL = oRequestContext.getSESBaseURL() & listFirst(cgi.path_info,"/");

Now I know this is not a permanent fix, as it will no longer work for
applications that are not using virtual directories.

Regards,
Andrew Scott
http://www.andyscott.id.au/
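
An added example, not part of the original thread and not ColdBox code: one way to keep the virtual directory in the relocation URL without breaking applications that have none, by prefixing it only when the first path segment is on an allow-list. The function names, the `knownDirs` list and the sample values are assumptions made for illustration.

```cfml
<cfscript>
// Added example, not ColdBox code. knownDirs is a hypothetical allow-list of
// the virtual directories (one per client) that this installation serves.

// Return the first segment of path_info if it is an allow-listed virtual
// directory, otherwise an empty string (application runs at the web root).
function resolveVirtualDirectory(required string pathInfo, required string knownDirs) {
    var segment = "";
    if (listLen(arguments.pathInfo, "/") gte 1) {
        segment = listFirst(arguments.pathInfo, "/");
    }
    // path_info is supplied by the client: accept only plain names that are
    // on the allow-list, so nothing arbitrary ends up in the redirect target.
    if (len(segment) and reFind("^\w+$", segment)
        and listFindNoCase(arguments.knownDirs, segment)) {
        return segment;
    }
    return "";
}

// Build the relocation URL for an event such as login.dspLogin, keeping the
// virtual directory when there is one and omitting it when there is not.
function buildRelocationURL(required string sesBaseURL, required string pathInfo,
                            required string knownDirs, required string targetEvent) {
    var baseURL = reReplace(arguments.sesBaseURL, "/+$", "");
    var vdir = resolveVirtualDirectory(arguments.pathInfo, arguments.knownDirs);
    // SES form of the event: handler.action becomes handler/action
    var route = replace(arguments.targetEvent, ".", "/", "all");
    if (len(vdir)) {
        return baseURL & "/" & vdir & "/" & route;
    }
    return baseURL & "/" & route;
}

// Constructed sample values
dirs = "virtualDirectory1,virtualDirectory2";
sesBase = "http://www.somedomainname.com/";
writeOutput(buildRelocationURL(sesBase, "/virtualDirectory1/admin/list", dirs, "login.dspLogin") & "<br>");
writeOutput(buildRelocationURL(sesBase, "/admin/list", dirs, "login.dspLogin") & "<br>");
writeOutput(buildRelocationURL(sesBase, "", dirs, "login.dspLogin"));
</cfscript>
```

The first call keeps `virtualDirectory1` in the redirect; the other two fall back to the plain base URL because the first path segment is missing or not on the list.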

Andrew, does every virtual dir have its own ColdBox app or do you have
one global app?

Did you check the security interceptor, in 2.6.4 it's line 199
/* Save the secured URL */
rc._securedURL = "#cgi.script_name##cgi.path_info#";

Maybe you can customize that to fit your needs.

Did you create your own SecurityInterceptor which extends
coldbox.system.interceptors.security?

Ernst

And do you use mappings in Application.cfc?

So something like below:

<cfset this.mappings['/'] = COLDBOX_APP_ROOT_PATH />
<cfset commonPath = expandPath('../../common')>
<cfset this.mappings['/coldbox'] = commonPath & '/src/coldbox/v2.6.4' />

I do, but I fail to see what that has to do with this. Because even if this
one vDir it would suffer the same problem.

Regards,
Andrew Scott
http://www.andyscott.id.au/

Well, you created a custom security interceptor, which has interceptor
points preProcess and preEvent.
These methods process the security rules. So before the security rules
are being processed, you can store the url and redirect later.

Ernst

Hmm, I thought I also said that there are other problems as well!

The problem is just not with the SES/Security Interceptors, there are other
issues within the framework that cause these issues as well.

And for your information, the Security Interceptor was where I started. I
modified that to get it to work in that area, and as I have stated in a
similar thread it caused issues and I went looking further into the problem.

The changes I made not only work for the SES/Security side of things but
they also fix other issues that I had with Virtual Directories as well. The
downside now is that you have to remove the code to have it work with sites
with no virtual directories.

Regards,
Andrew Scott
http://www.andyscott.id.au/

What about two different mappings?

One unmodified ColdBox version and one ColdBox version with your modifications?

Ernst

Yeah that is possible, but I am thinking more along the lines of a permanent
fix for everyone else as well.

Regards,
Andrew Scott
http://www.andyscott.id.au/

I would advise to use the mappings for now then. Maybe you (or someone
else) come up with a "cleaner solution" in the coming weeks.

Ernst

That is fine for others, but not for me I have ColdBox as part of this
application for now.

So thanks, but not needed in this case.

Regards,
Andrew Scott
http://www.andyscott.id.au/