Security Interceptor Rule

I am trying to figure out why this rule is not working. I have a preview url for products so that internally people can check out a preview before it goes live. The url looks something like this below where product is the handler and preview is the action


I thought this rule would whitelist the preview action but it is not, what is wrong with this?

solitary:security\..*,docs\..*,product\preview \..* admin,author security/login false

I thought the handler had to be in the form of ,product\.preview
(thats per the doc, dunno why because without the . feels more

Normal regex rules apply. Looks like Don Q has identified the issue that a period is missing.

You may want to install this Eclipse Plugin ( It helps me quick validate the RegEx rules in situations like this.

Please let me know your status.



What would be really cool is an eclipse / cfbuilder plugin that can
introspec ColdBox handlers and give a gui walk-through for building
the security interceptor rules.

(you guessed it, I don't know regex)