Upgrade to Coldbox 6 Troubleshooting CB Security

Hi Everyone,

I am in the process of upgrading an application to CF 2021 and ColdBox 6.5.2 from CF 2011 and ColdBox 3 or 4 (can't seem to find the version). I have successfully installed the cborm and cbstorages modules and have been able to reinitialize the application. I am having some trouble getting the app to redirect correctly and am trying to install cbsecurity. I can see that there is an old security.xml.cfm file that contains the rules for redirecting the app.

My problem is that when I try to re-init the app I get an error (see below). What is happening is that something goes wrong when Security.CFC tries to load the rules loader property. I feel like this is something I’m missing in the configuration, and ColdBox doesn’t know where to look when trying to inject the property for the rules loader.

I’m pretty new at ColdFusion and have been tasked with upgrading an app I didn’t write. I would be grateful for any help the community can offer.

Thank you,

Bob

Would you mind sharing:

  1. The contents of your box.json (easiest) OR the versions of all your installed dependencies?
  2. The contents of your config/ColdBox.cfc file? (This is where module configuration lives.)

Those two places should help us help you with this. :+1:

Absolutely, and thanks so much! Here is the box.json below. The config file is large; would you like me to paste it into the reply, or is there a better way to share the file? Is there a specific section of the file you would like to see?

box.json

    {
        "dependencies":{
            "cborm":"^3.4.0+211",
            "cbsecurity":"^2.12.0+178",
            "cbstorages":"^2.6.1+7",
            "coldbox":"^6.5.2+37"
        },
        "installPaths":{
            "cborm":"modules/cborm/",
            "cbsecurity":"modules/cbsecurity/",
            "cbstorages":"modules/cbstorages/",
            "coldbox":"coldbox/"
        }
    }

Bob, I’m not sure about Eric, but I’d say the relevant part of config/ColdBox.cfc would be the moduleSettings struct, because any cbSecurity configuration would/should be in there.

Sure, please see below. My older copy of the config file did not have this section and I added this based on the docs to point the module at the location of the rules file.

    moduleSettings = {
        // CB Security
        cbSecurity : {
            "rules" : "config/security.xml.cfm"
        }
    };

So sorry, but now that I have added this setting back into the config file and reinitialized the app, it appears to be working. I am at the try-something-and-see-if-it-works phase. Perhaps one of the many things I have tried corrected this issue.


No worries Bob, sometimes that’s just how it goes! Glad you got it sorted!

Hi Michael,

Looks like I accidentally deleted my reply to this post, so I’m reposting. I was wrong about fixing the issue. I just thought it was working because I had commented out the interceptor in the ColdBox config file. Please see the interceptors section of my config file below. Any help you can offer is greatly appreciated.

    //Register interceptors as an array, we need order
    // NOTE Removed SES interceptor CB6
    interceptors = [
        /*SES
        {class="coldbox.system.interceptors.SES",
         properties={}
        },*/
        //Security
        {class="modules.cbsecurity.interceptors.Security",
             properties={
                useRoutes=true,
                rulesSource='xml',
                rulesFile='config/security.xml.cfm',
                preEventSecurity=true
             }
        }
    ];

Hmm. I’m curious, what prompted you to add the interceptor config? The Security interceptor is registered automatically for you in the cbSecurity module.

What I suspect is happening is that this interceptor is being registered too early, and it fires before the module is even loaded in ColdBox. I would remove that manual interceptor declaration from the interceptors[] array and just make sure your moduleSettings.cbSecurity config is accurate.

While you’re at it, wiping and reinstalling the module would not hurt. This would ensure you have a correct and up-to-date copy of the module.

rm -rf modules/cbsecurity
box install
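
A pre-flight check for the situation diagnosed above, added here as an example and not code from the thread or from ColdBox/cbsecurity: it scans the text of a config/ColdBox.cfc for a cbsecurity Security interceptor that is still registered by hand (ignoring commented-out entries such as the old SES block) and reports whether a moduleSettings.cbSecurity block is present. The sample config is constructed from the snippets posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the config snippets posted in this thread.
SAMPLE_CONFIG = '''
moduleSettings = {
    cbSecurity : { "rules" : "config/security.xml.cfm" }
};
interceptors = [
    /*SES
    {class="coldbox.system.interceptors.SES",
     properties={}
    },*/
    //Security
    {class="modules.cbsecurity.interceptors.Security",
     properties={ rulesSource='xml', rulesFile='config/security.xml.cfm' }
    }
];
'''

# String literals are tokens too, so "//" inside "http://..." is not a comment.
_TOKEN = re.compile(r'"[^"\n]*"|\'[^\'\n]*\'|/\*.*?\*/|//[^\n]*', re.S)
MANUAL_SECURITY = re.compile(
    r'class\s*[=:]\s*["\'][\w.]*cbsecurity\.interceptors\.Security["\']', re.I)
MODULE_SETTINGS = re.compile(r'\bcbsecurity\b["\']?\s*[:=]\s*\{', re.I)


def strip_cfml_comments(src):
    """Blank out /* */ and // comments; keep strings and line breaks intact."""
    def repl(match):
        text = match.group(0)
        if text[0] in "\"'":
            return text                     # string literal: leave untouched
        return re.sub(r"[^\n]", " ", text)  # comment: keep only the newlines
    return _TOKEN.sub(repl, src)


def audit_config(src):
    """Report active manual Security registrations and the module settings block."""
    active = strip_cfml_comments(src)
    manual_lines = [active.count("\n", 0, m.start()) + 1
                    for m in MANUAL_SECURITY.finditer(active)]
    return {
        "manual_security_lines": manual_lines,
        "has_module_settings": bool(MODULE_SETTINGS.search(active)),
    }


if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
```

A non-empty `manual_security_lines` list points at the entries to remove from `interceptors[]`; an empty list together with `has_module_settings` being true matches the setup recommended in the reply above.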

Ah ok, thank you, I will try that. The reason I added it is because it was there before, lol.
