Module or Separate Application?

I am working on a new application for a client and I am having some trouble deciding what route to take. The main application is a client portal where clients can

  • place secured orders

  • view order history

  • manage account information

  • view notifcations

  • run reports

  • dashboard
    There will be an administrator application to this portal that will have the following functions

  • view/search orders for all users

  • view/approve/deny new account registrations

  • send notifications to user(s)

  • make updates to a certain database table

  • manage users

  • view sales / users / reports
    The 2 “apps” share a couple of things

  • look and feel

  • model (domain)

  • components
    Other than that they are almost 2 distinct applications. They will have different navigation, screens and functionality. I am going to need an SSL for both so if they lived under 1 umbrella that sure would make things a lot easier.

What are your thoughts?

You could do a collection of modules Dan. I have found it easier to not say, ok, a full app or a module, but say, a full app or modules. You can aggregate modules together in separate folders if you like also and use things like ModulesExternalLocation to tell ColdBox where all your modules exist so they are loaded.

So I would probably divide the application in to appropriate modular components.

Luis F. Majano
Ortus Solutions, Corp

ColdBox Platform:
Linked In:
IECFUG Manager:


I think breaking the application into any more modules than the following just makes things more complicated.

Client Portal

Has anyone else built an admin application as a module? It just doesn’t make sense to do because almost everything outside of the model will be different.

Hi Dan,

My view generally would be to build modules if the model is not related - the beauty of a module is that it’s portable and can be dropped into any app - would your admin module be much use dropped into another app? My guess would be no.

I’m sure other people will have differing opinions, but that’s how I look at it.


As soon as I think of modules I think of portable… would I use this in another application and the answer to that is no.

This is why the whole time I thought of it as a separate application.

Sure, I agree module isn’t the best place.

As for separate app, that in itself raises challenges, shared code base, shared cache etc etc.

Tough one really.

All examples I’ve seen in OSS have all been contained within the single app i think.

I personally have a different opinion on this.

I have done this with quite a few apps now and I just make a module for the admin. That makes sharing the model objects, application cache and setting, and sometimes even application layouts and themes all possible and readily available to you.

Well portability( Reusability ) is one of the great advantages to modules, it also has others such as Manageability (i.e., small and simple parts that can be easily understood and worked on) and Isolation (i.e., some modules can be completely isolated and decoupled) which both come into play in your scenario.

Thats my thoughts.


Thanks for your input on this Curt,

How does does putting these sections in a Module a benefit over creating /admin subdirectories in the views and controllers?

I totally get your point about the isolation, this is the same opinion I have, I just saw it that an admin area isn’t likely to have much isolation as its so closely coupled to the core application model.



Ya, view and controller packaging is how I used to do it before modules. And yes, the about of isolation does become lower in a admin type tool, but there are probably still things that can be isolated. I also like the manageability of configuration for the module, things like storing settings and registering interceptors, etc. Also, as your code base grows, IMHO, the module keeps the code cleaner (less sub-directories withing sub-directories, etc).

Just my thoughts.


So I really didn’t want the maintenance nightmare but its been awhile since I built a module.I am giving it a go and ran into my first problem. Everyone in the Portal is a user and has the user role. Our couple of admins will have the admin role. Can I define multiple entries in my security interceptor so that the whole admin module is locked down to only admins? This is my portal security rules.

authentication\..*, \..* user authentication/login false

also is there a way to find out where this error is coming from? I can’t find where this is happening (attachment)

I found that I could use multiple rules but for the life of me couldn’t figure out how to secure the admin module. I tried a variety of securelists and couldn’t figure it out

authentication\..*, \..* user authentication/login false authentication\..* admin\..* admin authentication/login false

oddly enough I looked back at my solitary module and found this, not sure why I have solitary:solitary. Can anyone explain the proper way i can have users locked down in the main app and admin roles in the admin app

solitary:security\..*,docs\..* \..* admin,author security/login false

I kind of got it working now…but i can’t figure out the catch all for anything under the admin module… i added all of the routes/handlers I am using but i would rather not do this…

<?xml version="1.0" encoding="UTF-8"?> authentication\..* admin:dashboard\..*,admin:registration\..*,admin:order\..*,admin:user\..*,admin:donotcall\..* admin dashboard false authentication\..*, \..* user authentication/login false

Dan remember the rules are fired in order. In the examples you showed you had a .* regex that would hit everything and secure it.

That’s one thing. Then I woul do a regex for your module if you want to secure all of it. Remember that event syntax notes as


thanks for the insight Luis! This worked :slight_smile:

authentication\..*,account\.forgot admin:.* admin dashboard false authentication\..*,account\.forgot,account\.register,account\.doForgotPassword,account\.doRegister \..* user authentication/login false

Thank You
Dan Vega