Ahh, I see now. Andrew and I thought you needed to implement cosign at the CF level. It sounds like your network has some other upstream appliance that intercepts HTTP requests, parses the URL out of the headers, matches the path to to white/black list and blocks/redirects URLs that are deemed secure.
IF this upstream appliance doesn’t actually care what the actual folder structure is on your webserver, and it just parses the URL for things that look like folders, then the answer is simple-- use ColdBox routes and URL rewrites to create URLs that look like folders. You can use the default routes created by your handlers (and handler packages) and actions as they are, or create totally customized routes that look like whatever you want.
http://wiki.coldbox.org/wiki/URLMappings.cfm
Now, it doesn’t really matter what files are being run, or where are they are. You can organize all your site’s events into a structure that fits your security hierarchy and provide this cosign appliance with the “folders” (really just packages and handlers) that need to be secured.
yoursite.com/secureArea/foo/bar
yoursite.com/public/bum/baz
Thanks!
~Brad
ColdBox Platform Evangelist
Ortus Solutions, Corp
E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com