Security Interceptor Question

Communities ColdBox HMVC
#1

Hi all,

I've got a ColdBox app using the Core Security Interceptor. That all works fine. I then have a module in the app that also wants to use the default Security Interceptor. As far as I understand, if I define the interceptor in the ModuleConfig.cfc, it will get merged with the parent interceptor. Which means it will look at the parents' securityrules.xml file ?

The parent app only needs to secure a few pages, not all pages.

The module ("administrator") needs to secure the entire module....ie the user with admin rights has to be logged in to even see it.

So, obviously I need separate security rules, but I also want the module to be self-dependant and not use the parents' rules file.

What is the best way to implement this given the above scenario?

Ideas ?

Thanks in advance.

Anuj Gakhar

#2

Just add another security interceptor instance to your module. Just make sure you use a different name property in the declaration and also point it to the right module security file.

Luis Majano
CEO
Ortus Solutions, Corp

ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Social: twitter.com/ortussolutions | twitter.com/coldbox | twitter.com/lmajano

#3

Thanks Luis - putting in the "name" attribute did the trick.

However, I have another question. I am having issues getting the runEvent() to work within the module.

If I call runEvent('controlpanel.categories.delete') I get a 404

If I call runEvent('controlpanel:categories/delete') - I get this erro

Invalid Module Event Called: controlpanel:categories/delete. The module: controlpanel is not valid. Valid Modules are: controlpanel

What is the correct way to call runEvent() in a module's handlers ?

Thanks.

#4

Something is wrong with the way I have set it up

in my main Routes.cfm - I've added this after all the other custom routes (tried putting it before the custom routes as well, makes no difference)

<cfset addModuleRoutes(pattern="/controlpanel",module="controlpanel") />

and in the Module I have a Security Interceptor....and the main app has a Security Interceptor too with a different name

But I am now seeing strange behaviour with my SES routes....none of them work....every route points to the main default index.cfm page ....Is the Module's Routes being loaded even when I am not in the module ?

Can't seem to understand what am I doing wrong here....

My ModuleConfig.cfc looks like this

function configure(){
    
    settings = {
      version = this.version
    };
    
    // Layout Settings
    layoutSettings = { defaultLayout = "Layout.Admin.cfm" };
    
    // SES Routes
    routes = [
      // Module Entry Point
      {pattern="/", handler="main",action="index"},
      // Convention Route
      {pattern="/:handler/:action/:id"},
      {pattern="/:handler/:action?"}
    ];
    
    interceptors = [
      {
        name="ControlPanelSecurity",
        class="coldbox.system.interceptors.Security",
        properties={
          rulesSource="xml",
          rulesFile="modules/controlpanel/config/securityrules.xml.cfm",
          debugMode=true,
          useRoutes=true,
          validator="modules.controlpanel.model.SecurityService"
          }
      }
    ];
  }

#5

Module:event

The event uses dot notation