Adobe COLDFUSION 9 Manual page 361

Developing applications

Hide thumbs Also See for COLDFUSION 9:

Table of Contents

DEVELOPING COLDFUSION 9 APPLICATIONS

Developing CFML Applications

Example: securitytest.cfm

The securitytest.cfm page shows how any application page uses ColdFusion user authorization features. The web

server ensures the existence of an authenticated user, and the Application.cfc page ensures that the user is assigned to

roles the page content appears. The securitytest.cfm page uses the

control the information that is displayed.

The securitytest.cfm page consists of the following:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<title>Basic authentication security test page</title>

<h2>Welcome #GetAuthUser()#!</h2>

ALL Logged-in Users see this message.<br>

if (IsUserInRole("admin"))

WriteOutput("Users in the admin role see this message.<br><br>");

if (IsUserInRole("user"))

WriteOutput("Everyone in the user role sees this message.<br><br>");

Reviewing the code

The following table describes the securitytest.cfm page CFML code and its function:

<h2>Welcome #GetAuthUser()#!</h2>

ALL Logged-in Users see this message.<br>

if (IsUserInRole("admin"))

WriteOutput("Users in the admin role see this

message.<br><br>");

if (IsUserInRole("user"))

WriteOutput("Everyone in the user role sees this

message.<br><br>");

Application-based user security example

The following example shows how to implement user security by authenticating users and then allowing users to see

or use only the resources that they are authorized to access.

IsUserInAnyRole

User is already logged in by Application.cfc. Displays a welcome

message that includes the user's login ID.

Displays this message in all cases. The page does not display until a

user is logged in.

Tests whether the user belongs to each of the valid roles. If the user is

in a role, displays a message with the role name.

The user sees one message per role to which the user belongs.

Last updated 8/5/2010

functions to