I've got a ColdBox app using the Core Security Interceptor. That all works fine. I then have a module in the app that also wants to use the default Security Interceptor. As far as I understand, if I define the interceptor in the ModuleConfig.cfc, it will get merged with the parent interceptor. Which means it will look at the parents' securityrules.xml file ?
The parent app only needs to secure a few pages, not all pages.
The module ("administrator") needs to secure the entire module....ie the user with admin rights has to be logged in to even see it.
So, obviously I need separate security rules, but I also want the module to be self-dependant and not use the parents' rules file.
What is the best way to implement this given the above scenario?
Just add another security interceptor instance to your module. Just make sure you use a different name property in the declaration and also point it to the right module security file.
and in the Module I have a Security Interceptor....and the main app has a Security Interceptor too with a different name
But I am now seeing strange behaviour with my SES routes....none of them work....every route points to the main default index.cfm page ....Is the Module's Routes being loaded even when I am not in the module ?
Can't seem to understand what am I doing wrong here....