Taking Advantage of ColdFusion MX’s New Security Framework
Before we get into the new security framework in ColdFusion MX, it’s important that we cover a few important changes from previous versions of ColdFusion. In versions prior to MX, ColdFusion supported a set of Advanced Security services that integrated with an OEM version of Netegrity’s popular SiteMinder (Version 3.51 for ColdFusion 4.5.x and Version 4.11 for ColdFusion 5.0) security product for providing granular control within ColdFusion applications. Advanced Security was a bear to use and a nightmare to administer, to say the least. Macromedia dropped the Advanced Security services in ColdFusion MX in favor of a simpler system that uses Java as the underlying service.
This system makes uses of several new tags and functions to provide authentication and authorization functionality in your applications. Additionally, the new system is roles based, meaning that group-level permissions are inherent in its design. To get an idea of just how this new system works and how it differs from the security framework we built in the previous section, let’s rework our portal application to make use of ColdFusion MX’s built-in security framework. We’ll start by rewriting the authentication piece of the portal.
Authenticating Users
ColdFusion MX supports two different types of authentication, application-based and HTTP (web server)-based. We’ll cover both methods in this chapter, but I’d like to start out with a discussion of application-based ...
Get Programming ColdFusion MX, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.