Security interceptor problem

Communities ColdBox HMVC
1

My security interceptor is not re-directly properly.
Here is my rules.xml file:
<rules>
    <rule>
        <whitelist>user\.login,user\.logout,^main.*,^general.*</

        <securelist>^admin\..*,^categories\..*,^user\..*,^complaints
\..,^cacheManager\..</securelist>
        <roles>admin,superUser</roles>
        <permissions>read,write,delete,superUser</permissions>
        <redirect>login.index</redirect>
    </rule>
</rules>

Here is the configuration for my security interceptor from
coldbox.cfc:
//Security
      {class="coldbox.system.interceptors.security",
       properties={
         rulesSource = "ioc",
         rulesBean = "rules",
         rulesBeanMethod = "getSecurityRules",
         preEventSecurity = true,
         validatorIOC = "validator"
       }

The interceptor should re-direct to: http://site/index.cfm/login/index
Instead it's redirecting to http://site/login/index, resulting in a
404 error.
I'm using CB 3 M4

Thanks for any help on this

2

Hello everyone–
I did some more investigation of this problem and it’s not the security interceptor that is giving me problems, its setNextEvent().
So, I set up a test handler called, general.test

When this handler redirects, the url it redirects to is missing index.cfm, resulting in a 404 error. I am using SES urls but am not using mod-rewrite. This issue just popped up this week after downloading the latest coldbox files from SVN. Is there a configuration change that I now need to make to tell Coldbox to include index.cfm in the re-direct url? Thanks, Joel
3

Joel. Can you pot your routes file? Also do not use preeventsecurity =
true unless you want to secure internal calls. Usually you don't want
preeventsecurity as it can bog down the system with checks. This I
only done to secure both internal and external calls

4

Thanks for the tip on preEventSecurity.
Here is my routes file:

// General Properties setEnabled(true); setUniqueURLS(false); //setAutoReload(false); protocol = "http"; if (len(cgi.http) and cgi.http is "on") protocol = "https"; // Base URL if( len(getSetting('AppMapping') ) lte 1){ setBaseURL("#protocol#://#cgi.HTTP_HOST#/index.cfm"); } else{ setBaseURL("#protocol#://#cgi.HTTP_HOST#/#getSetting('AppMapping')#/index.cfm"); }

// Your Application Routes
addRoute(“content/:file”,“content”,“index”);
addRoute(“draft-complaint/:searchType/:file”,“complaint”,“index”);
addRoute(":handler/:action?");

5

Hi Luis–
I also noticed this morning that event.buildLink() was not including index.cfm in the links it is building. I checked my routes.cfm file and I am including index.cfm in setBaseURL():

if( len(getSetting(‘AppMapping’) ) lte 1){
setBaseURL("#protocol#://#cgi.HTTP_HOST#/index.cfm");
}
else{
setBaseURL("#protocol#://#cgi.HTTP_HOST#/#getSetting(‘AppMapping’)#/index.cfm");
}

Best,
Joel

6

Did you reinitialize the application?