ColdBox Framework Forums Notification: Post to Ses and an Admin folder

Title: RE: Ses and an Admin folder
Thread: Ses and an Admin folder
Forum: Need Help?
Conference: ColdBox
User: lmajano

Hi,

A key consideration here is whether you want to have a separate application
for the admin, or if you want to have one application with multiple parts. My
preference is to have one application with multiple parts, these parts being
packaged into directories within handlers/layouts and views. That way, I have
one application with multiple sub-applications. Now, to do security you use the
security interceptor to protect the events according to your own security rules.
Then you can use the ses interceptor to create aliases via the custom routes to
your sub-applications or sections.

Remember that the ses interceptor parses the URL according to its rules; if it
finds a match, it will process it. If you want to have a separate application,
then well, then you have a separate application that does not conflict with the
main one.

+handlers

--+admin
--pages.cfc
--+cms.cfc
--+whatever.cfc

As you can see from above, you
can package functionality into directories. Then you can protect these events
via the security interceptor. No need to create an admin application, unless it
will live somewhere else.

So a route can look like:
index.cfm/admin.pages/list

PS: the blogcfc sample app was just a
port and it's not a best practice application.
http://forums.coldboxframework.com/index.cfm?event=ehMessages.dspMessages&threadid=ED15E4C0-FF6E-E829-9A990AD1DC553F04

So is there a sample app that does have a best practice security implementation?

CodexWiki will be out soon and it will have all kinds of security and sub applications. But we are not releasing it as an open application yet.

However, the security guide on the wiki on the “What’s new” should be a good guide on how to secure your applications. As for creating packages, well, they are just a way to organize your application and to use them is all explained in the guides.

I cannot create every sample app that demos all features. There are several apps in the bundle to guide you into getting a feel of what you can do. The rest is well, by an exchange of ideas here in the list and forums.

Ernst Van der Linden, can you shed some light here? I know you have an excellent approach.

So for security, I would use the security interceptor in 2.6. As for your admin, I would organize it into a folder called admin and secure it with the interceptor. The ses guide shows how to call packaged events.

Luis

Go for the security interceptor and stick to one application, not multiple. An admin section is just a part of an application.
Reuse views, but use certain handlers only for admin.

Ernst

Thanks folks, just getting a grip on how to do the things I’m used to doing, in a ColdBox way.

Don’t forget to spread the word :)
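
Added example, not part of the thread and not ColdBox code: a small Python model of the approach described above, where one application packages its admin handlers under `admin` and pattern rules decide who may run each event. The rule field names, the `admin.auth` login events and the action names are assumptions made for illustration.

```python
import re

# Constructed rules for the layout in the thread. Field names are hypothetical,
# not the ColdBox security interceptor's own rule schema.
RULES = [
    {"secure": r"^admin\.",                       # every event in the admin package
     "allow": r"^admin\.auth\.(login|dologin)$",  # assumed login events stay public
     "roles": {"admin"}},
]
EXPECTED_PUBLIC = {"admin.auth.login", "admin.auth.dologin"}  # assumed names

def route_to_event(path, default="main.index"):
    """'index.cfm/admin.pages/list' -> 'admin.pages.list' (handler/action form)."""
    parts = [p for p in path.split("/") if p]
    if parts and parts[0].lower() == "index.cfm":
        parts = parts[1:]
    if not parts:
        return default
    action = parts[1] if len(parts) > 1 else "index"
    return f"{parts[0]}.{action}"

def is_allowed(event, roles=(), rules=RULES):
    """First matching rule decides; events matching no rule are public."""
    event = event.lower()  # compare case-insensitively so 'Admin.Pages.list' is covered
    for rule in rules:
        if not re.search(rule["secure"], event):
            continue
        if rule.get("allow") and re.search(rule["allow"], event):
            return True
        return bool(set(roles) & rule["roles"])
    return True

def exposed_admin_events(events, rules=RULES):
    """Audit helper: admin-package events an anonymous visitor could still run."""
    return [e for e in events
            if e.lower().startswith("admin.")
            and e.lower() not in EXPECTED_PUBLIC
            and is_allowed(e, (), rules)]

# Handlers taken from the tree in the thread; the action names are assumed.
EVENTS = ["admin.pages.list", "admin.cms.edit", "admin.whatever.index",
          "Admin.Pages.list", "admin.auth.login", "blog.index"]

if __name__ == "__main__":
    print(route_to_event("index.cfm/admin.pages/list"))
    print(exposed_admin_events(EVENTS))
```

Running the audit helper over the full event list with a rule that only names one handler (for example `^admin\.pages`) shows which other admin handlers that rule leaves reachable without a login.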