@Jeetu: multiple config objects provides no benifit over multiple config files. Coldbox only touchs your config when it starts up the first time (or you reinit). After that, the contents of your config is stored in the application scope. When you do something like getSetting(), ColdBox does NOT look at your config file/object. Instead it pulls from the application scope. If you want three configs loaded simultaneiously, you need three application scopes.
@Andrew: Your environment solution has the same issue. I am almost certain that the environment overrides are only loaded ONCE with the rest of the config. They are not touched on a request-by-request basis. Therefore the app would be initialized with whatever “environment” it was initted with. Unless, of course, you are recommending this in conjunction with three different application scopes. In that case, I don’t see why it wouldn’t work.
Is there any way to do this in the Coldbox core files?
Sure. Anything is possible and ColdBox is open source. That being said, you can look forward to making some major changes to the ColdBox core code. I can’t imagine the amount of trouble that magnitude of changes would be being easier than simply adopting three application scopes or using modules. What is the issue really with having three application scopes? You could still have all your files in one place. The only downside really is you would use more memory since all your singletons, cache, and Coldbox controllers exist three times in memory. Also, you cannot share cache without some extra config.
If prefer virtual directories for web-services.
If all your code is in the web root, why would you need virtual directories?
Hacker safety should be ensured at the interceptor level.
Interceptors are part of the ColdBox framwork and only fire if you are processing a ColdBox request. Imagine if someone hit this URL directly: www.yourdomain.com/models/userService.cfc.
That bypasses the ColdBox framework and any interceptors you have configured. If you have any methods you left as “remote” or if you have CF administrator installed and someone guesses your password they can introspect your CFCs. This is why I like to save my web root for things that will be served to users.
Thanks!
~Brad
