Restricting login to certain event handlers

murphyhg · March 1, 2011, 1:17am

I am trying to understand how I can modify this existing login to
where it will only fire on the admin event handler.
This is the code for the securityRules.xml.cfm when I change the
redirect back to admin.index I get stuck in a loop.

<?xml version="1.0" encoding="ISO-8859-1"?>
<rules>
  
    <rule>
        <whitelist></whitelist>
        <securelist>^admin\..*</securelist>
        <roles>admin</roles>
        <permissions></permissions>
        <redirect>general.index</redirect>
    </rule>
</rules>

  <cffunction name="login" access="public" output="false"
returntype="void" hint="I perform user login">
    <cfargument name="event" required="true" />
    <cfset var rc = event.getCollection() />
    <cfset var msg = "" />
    <cfset var msgtype = "" />
    <cfset var loggedin =
instance.userService.login(username=rc.username,password=rc.password) /

    <cfif loggedin>
      <cfset msg="Welcome " & getAuthUser() & "!" />
      <cfset msgtype="info" />
    <cfelse>
      <cfset msg="Login failed. Please try again" />
      <cfset msgtype="warning"/>
    </cfif>
    <cfset getPlugin("messagebox").setMessage(type=msgtype,message=msg) /

Dan_Vega · March 1, 2011, 4:54am

Change

^admin…
to
admin…

the ^ tells it to match anything that starts with admin… so AdminOne/AdminTwo/AdminThree

admin…* matches any action in the admin handler

bdw429s · March 1, 2011, 5:48pm

Where you able to resolve this?

You mentioned in the OP "when I change the redirect back to
admin.index I get stuck in a loop. "

Well, if your admin handler is secured, what would you expect? I've
never used the default security interceptor (rolled my own) but I
would expect that the redirect would need to point to an UNSECURED
page. Namely, one that allowed them to log in.

Thanks!

~Brad

Restricting login to certain event handlers

Latest Ortus News

GIVING BACK

HARVESTING IN SPANISH

WOODSEDGE