Installing cbsecurity with help from ChatGPT

Communities ColdBox HMVC
1

This is the question I asked the Ortus Documentation AI

how do I set up cbsecurity module in an app

This is the response…

You can create a cbsecurity key in the modulesettings or if you are in ColdBox 7 you can create a config/modules/cbsecurity.cfc as well. You can find much more information about cbsecurity here: FORGEBOX: cbauth.

I then asked the same question to ChatGPT 4

how do I set up cbsecurity module in an app

This is the response…

cbsecurity is a security module for the ColdBox platform, which is an MVC framework for ColdFusion (CFML) language. To set up the cbsecurity module in your ColdBox application, follow these steps:

  1. Install cbsecurity:

You can install cbsecurity using CommandBox, a ColdFusion (CFML) CLI and package manager. Open your terminal or command prompt, navigate to your application’s root directory, and run the following command:

box install cbsecurity

This command will download and install the cbsecurity module in your application.

  1. Configure cbsecurity:

After the installation, create a new file in your application’s config directory called CBSecurity.cfc. This file will hold all the security configuration settings for your application.

Here’s a basic template to get you started:

component {
    function configure() {
        // Set the authentication service
        settings( "authenticationService" = "UserService" );

        // Configure rules
        rules( [
            {
                rule: "allow",
                roles: "admin",
                resources: "/admin"
            },
            {
                rule: "allow",
                roles: "user",
                resources: "/user"
            }
        ] );
    }
}

Replace UserService with your actual authentication service and customize the rules array to fit your application’s requirements.

  1. Wirebox Bindings:

In your config/Wirebox.cfc file, create a binding for the UserService. Replace UserService with the actual path to your service file and IUserService with the appropriate interface or alias:

component {
    function configure() {
        // Other bindings...

        map( "IUserService" ).to( "UserService" );
    }
}
  1. Update ColdBox configuration:

In your config/Coldbox.cfc, add the cbsecurity module to the modules array:

component {
    function configure() {
        // ... other ColdBox configurations

        // Modules
        modules = [
            // ... other modules

            { "cbsecurity" }
        ];
    }
}
  1. Implement authentication logic:

In your UserService (or your chosen authentication service), implement the authentication logic. This service should have a getAuthenticationInfo method that returns the user’s authentication data, including roles and permissions.

  1. Secure handlers or actions:

You can now secure specific handlers or actions using the secured annotation. For example:

component secured="admin" {
    function index( event, rc, prc ) {
        // Your secured action logic
    }
}

The secured annotation will make sure that only users with the admin role can access this handler or action.

With these steps, you should have a basic setup for the cbsecurity module in your ColdBox application. You can further customize the configuration as needed, and refer to the official documentation for more options: https://coldbox-security.ortusbooks.com/

Now, I don’t think the second response is fully correct as ChatGPT4 is only trained up until September 2021 but it gives the kind of steps that people unfamiliar with Coldbox can work with.

Could somebody please point me to a fully working step by step guide to getting cbSecurity 3.0 working or just give me a quick rundown of the steps required. The closest I got to the answer is Irvin Wilson - cbSecurity 3.0 but it is broken when going to the security visualiser - it tells me that a database link is missing modules/cbsecurity/models/util/DBLogger.cfc:338 but no further clue as to what the problem is. How can I dig around in the actual cbsecurity package whilst I still don’t know the module?

This link - ShiftInsert is more helpful but is only version 2.0 of cbsecurity.

2

The entire docs for cbsecurity have been reworked and revamped. Will de Bruin from ShiftInsert also revised them. https://coldbox-security.ortusbooks.com.

Have you seen the REST Template: GitHub - coldbox-templates/rest: A RESTFul service ColdBox MVC template
or the new zero to hero templates: coldbox-zero-to-hero/soapbox at v7.x · ColdBox/coldbox-zero-to-hero · GitHub

3

Please note that ChatGPT is a sentence generator, nothing more. You can clearly see the configuration it gave you is fictional - to my knowledge, this syntax has never existed.

The documentation is what you’re looking for, IMO. If there’s something that’s not “fully working” or “step by step”, let us know the specifics of what you tried and the full stack trace of the error that resulted, and we can revise.

It’s worth noting that this question is totally unrelated to this “Ortus ChatGPT” post. :slight_smile: If I had the permissions to do so, I would move it into a separate thread so we don’t hijack this one. :man_shrugging:

4

Also, I count five different cbSecurity videos on CFCasts. These would also be a great resource:

5

My reasoning for choosing this thread was the response from Ortus AI. Because it’s using Ortus Docs as training material it does not have the breadth of knowledge of GPT4. The actual response from GPT4 was not correct but it clearly shows how a step by step guide should work. The output from Ortus AI was not helpful at all.

With regards to the docs the problem is that you understand the way things work, but for somebody just coming in there is just too much information. I’ve been through all the videos and all the online resources for hours and hours but none actually help at beginner level.

The moment an issue arises I’m mostly stuck because it’s some problem deep into Coldbox code or module code. Combine that with the multiple version problem and the result is complete deadlock.

I don’t see the point of learning V2 of something if V3 has replaced it. Reducing Cognitive load is an important point in making things effective.

FYI I ran an Application.cfm through ChatGPT4 and got a working Application.cfc. I think you’ll find that it is more than a sentence generator.

Luis is putting in a simple step by step set up for cbsecurity that should help people new to Coldbox get running quickly and I’m going through the Coldbox Zero to Hero course that he rewrote to make sure all angles are covered.

Thank you for your response though…

6

I’m sorry, I don’t mean to be flippant. I’ve been there too!

I would recommend watching the CBSecurity v3 video on CFCasts, as well as reading through the “Getting Started” documentation, paying attention to the concepts - not just the syntax. You’re much more likely to get stuck on “how” if you haven’t grasped the “why”. (In my experience.)

Hope that helps!

7

Thanks for that, but I’ve been through that video and it did not help at all. I understand the concepts but applying them is another matter.

Just off topic, I rechecked the output from ChatGPT4 and it is describing a Coldbox 7 setup! Have a look at this Coldbox 7 Configuration. I’m still not sure if it is correct though…

As I start to go through and edit the Coldbox Zero to Hero course that Luis just rewrote I’m beginning to understand the problem. When you are starting with something new it’s necessary to just get simple things working so that other features can be added to a working base.

The training materials for Coldbox are written with no regard to cognitive load - many ideas are floated at once, and the poor newbie is overwhelmed. How many times have I heard oh you can do this that way, or this way or its not needed at all?

What is required is a simple straightforward set of instructions to get each module working with Coldbox at least at a simple level so that confidence can be built. At this point further research into the detailed docs of Ortus will be possible armed with the knowledge of a working base system. I’ve lost count of the times I’ve had to junk everything and start again just to overcome some impossible error message from deep within the system, on the off chance I’ve missed something from the 300-400 setup possibilities because I don’t know what is important or not.

I’m surprised how similar the code ends up between Coldbox and Golang but learning Coldbox has been an absolute nightmare and is a real turn off for newbies. I’m happy to spend time getting this right because I have a code base in old style CFML that needs porting to a proper Coldbox framework.

8

@Eggely Could you give me an example ( link ) of what good looks like to you in a instructional tutorial? We are always looking to improve our documentation. I’m curious as to what you feel is missing, as you have voiced these concerns for several different products now.

9

The output from ChatGPT above is excellent - just not sure about the veracity of it! I’m sending you what I consider a good course as an example by email.