Trying to understand security interceptor

murphyhg · March 22, 2011, 9:43pm

I would like to be able to secure any handler that begins with admin.
If it is just admin it works. If it is something longer it does not.
    <rule>
        <whitelist>admin.index</whitelist>
        <securelist>^admin\..*</securelist>
        <roles>Super Admin,Administrator,User</roles>
        <permissions></permissions>
        <redirect>admin</redirect>
    </rule>

This does not work.
addRoute(pattern="admin/manage-properties",
handler="adminmanageproperties", action="index");

Even though the handler starts with admin it does not get picked up. I
suspect that the reg ex is wrong. Thanks for your help.

lmajano · March 22, 2011, 10:00pm

your regex says it starts with admin followed by a period
Luis F. Majano
President
Ortus Solutions, Corp

ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com

andrews · March 22, 2011, 10:04pm

You are trying to secure the SES and not the actual hander.

In your example the handler is actually adminmanageproperties and not admin.

Regards,
Andrew Scott
http://www.andyscott.id.au/

murphyhg · March 22, 2011, 10:55pm

Luis & Scott thanks so much. How can I make it be if any part of the
handler string contains admin?

Yhanks!

Trying to understand security interceptor

Latest Ortus News

GIVING BACK

HARVESTING IN SPANISH

WOODSEDGE