In this post I will guide you through setting up cbSecurity with the flexible cbAuth validator and annotation-based security. Before we start, let’s look at the basics, as described in Getting Started | Overview at https://coldbox-security.ortusbooks.com.
When you install and configure the cbsecurity module, it wraps itself around the preProcess interception point. This point fires before any event execution in ColdBox, which makes it the ideal place to inspect incoming requests. The cbsecurity interceptor tries to validate your request against a configured validator. The validator reports whether you are allowed access and, if not, which kind of validation failed: authentication or authorization.
- Authentication is when a user is not logged in
- Authorization is when a user does not have the right permissions to access an event handler or event action
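To make the validator contract concrete, here is an added sketch of a custom validator; it is not code from this post or from the cbsecurity project. It assumes the `ruleValidator` / `annotationValidator` interface of cbsecurity v2, a user stored in `session.user` with a `permissions` array, and that a bare `secured` annotation arrives as an empty or boolean value; the component itself is hypothetical.

```cfml
// Hypothetical validator component (e.g. models/SimpleValidator.cfc).
component singleton {

	// Rule-based security: cbsecurity passes the rule that matched the event.
	struct function ruleValidator( required rule, required controller ){
		return check( arguments.rule.permissions );
	}

	// Annotation-based security: securedValue is the value of the
	// `secured` annotation found on the handler or action.
	struct function annotationValidator( required securedValue, required controller ){
		return check( arguments.securedValue );
	}

	private struct function check( required string permissions ){
		// Assumption: the login code stored the user in session.user.
		// No user means the request fails authentication.
		if ( !structKeyExists( session, "user" ) ) {
			return { "allow" : false, "type" : "authentication" };
		}

		// Assumption: an empty or boolean value means "login is enough".
		if ( !len( trim( arguments.permissions ) ) || isBoolean( arguments.permissions ) ) {
			return { "allow" : true, "type" : "authentication" };
		}

		// Assumption: session.user.permissions is an array of permission names.
		// Holding any one of the listed permissions grants access.
		var granted = session.user.permissions;
		var allowed = listToArray( arguments.permissions ).some( function( p ){
			return granted.findNoCase( trim( p ) ) > 0;
		} );

		// Logged in but lacking the permission is an authorization failure.
		return { "allow" : allowed, "type" : "authorization" };
	}

}
```

The `type` key is what lets the interceptor distinguish between the two failure cases listed above.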
I’ve been a long-time user of cbsecurity v1.x, a security rule engine for validating incoming requests. I think most people have written code for authenticating users and validating their requests in some way, and probably many of you have written and modified this code over and over again. Cbsecurity v1 has been around for a long time, but some people complained it was hard to understand and/or too complex. In the meantime, other security modules such as cbguard were released, which were a bit more limited but easier to use. In February Ortus released cbsecurity version 2, and in subsequent months more and more features were added, resulting in a product which covers a lot of your security needs.
In my opinion the usability of cbsecurity has increased a lot, but there are many options to choose from. In a series of blog posts I will try to show you what different possibilities you’ll have to use cbsecurity to your advantage.