Table of Contents
Advertisement
The following table describes the CFML code in Application.cfm and its function:
Code
<cfapplication name="Orders"
<cflogin>
<cfif IsDefined( "cflogin" )>
<cfif cflogin.name eq "admin">
<cfset roles = "user,admin">
<cfelse>
<cfset roles = "user">
</cfif>
<cfloginuser name = "#cflogin.name#"
password = "#cflogin.password#"
roles = "#roles#" />
<cfelse>
<!--- this should never happen --->
<h4>Authentication data is missing.</h4>
Try to reload the page or contact the
site administrator.
<cfabort>
</cfif>
</cflogin>
Example: securitytest.cfm
The securitytest.cfm page shows how any application page can use ColdFusion user authorization
features. The web server ensures the existence of an authenticated user, and the Application.cfm
page ensures that the user is assigned to roles the page content appears. The securitytest.cfm page
uses the
IsUserInRole
The securitytest.cfm page consists of the following:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Basic authentication security test page</title>
</head>
<body>
<cfoutput>
<h2>Welcome #GetAuthUser()#!</h2>
</cfoutput>
ALL Logged-in Users see this message.<br>
<br>
<cfscript>
if (IsUserInRole("admin"))
WriteOutput("Users in the admin role see this message.<br><br>");
if (IsUserInRole("user"))
WriteOutput("Everyone in the user role sees this message.<br><br>");
</cfscript>
</body>
</html>
and
functions to control the information that is displayed.
GetAuthUser
Description
Identifies the application. The login information on
this page only applies to this application.
Executes if there is no logged-in user.
Makes sure the user is correctly logged-in by the
web server. (Otherwise, there would be no
variable.)
cflogin
Sets a roles variable based on the user's ID.
Assigns users named "admin" to the admin role.
Assigns all other users to the users role.
Logs the user into the ColdFusion security system
and specifies the user's password, name, and
roles. Gets the password and name directly from
the cflogin structure.
This code should never run, but if the user
somehow got to this page without logging in to the
web server, this message would display and
ColdFusion would stop processing the request.
Ends the if/else block.
Ends the
tag body.
cflogin
Implementing user security
359
Advertisement
Table of Contents
Troubleshooting
Related Manuals for MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX
Related Products for MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 61-CFML
- MACROMEDIA COLDFUSION MX 61-GETTING STARTED BUILDING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 61 - INSTALLING COLDFUSION MX FOR IBM WEBSPHERE APPLICATION SERVER
- MACROMEDIA COLDFUSION MX 61 - CONFIGURING AND ADMINISTERING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 7.0.2-USING COLDFUSION MX WITH FLEX 2
- MACROMEDIA 38000382 - Macromedia JRun - Mac
- MACROMEDIA 38028779 - Macromedia Dreamweaver - Mac
- MACROMEDIA BREEZE