Scribd Logo
Carica

Benvenuto in Scribd!

  • Adobe ColdFusion 9 - Application-Based User Security Example

    Caricato da

    Art Longs
    101 visualizzazioni6 pagine
    This document provides an example of implementing user authentication and authorization in a ColdFusion application. It includes three pages: Application.cfc handles authentication by checking for a logged in user, displaying a login form if needed, and authenticating credentials. loginform.cfm displays the login form. securitytest.cfm is a sample page that displays the user's roles if they are logged in. Application.cfc ensures a user is authenticated before other pages run and provides a logout link. Together these pages demonstrate basic user login and access control in ColdFusion.

    Descrizione originale:

    Titolo originale

    Adobe ColdFusion 9 _ Application-based User Security Example

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    This document provides an example of implementing user authentication and authorization in a ColdFusion application. It includes three pages: Application.cfc handles authentication by checking for a logged in user, displaying a login form if needed, and authenticating credentials. loginform.cfm displays the login form. securitytest.cfm is a sample page that displays the user's roles if they are logged in. Application.cfc ensures a user is authenticated before other pages run and provides a logout link. Together these pages demonstrate basic user login and access control in ColdFusion.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    101 visualizzazioni6 pagine

    Adobe ColdFusion 9 - Application-Based User Security Example

    Caricato da

    Art Longs
    This document provides an example of implementing user authentication and authorization in a ColdFusion application. It includes three pages: Application.cfc handles authentication by checking for a logged in user, displaying a login form if needed, and authenticating credentials. loginform.cfm displays the login form. securitytest.cfm is a sample page that displays the user's roles if they are logged in. Application.cfc ensures a user is authenticated before other pages run and provides a logout link. Together these pages demonstrate basic user login and access control in ColdFusion.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 6

    AdobeColdFusion9

    Productsupport

    Search

    Thisreferenceonly

    ViewHelpPDF(23MB)

    Home/DevelopingColdFusion9Applications/DevelopingCFMLApplications/SecuringApplications/
    Implementingusersecurity

    Applicationbasedusersecurityexample
    Example:Application.cfc
    Example:loginform.cfm
    Example:securitytest.cfm
    Thefollowingexampleshowshowtoimplementusersecuritybyauthenticatingusersandthenallowinguserstoseeoruseonlythe
    resourcesthattheyareauthorizedtoaccess.
    ThisexamplehasthreeColdFusionpages:
    TheApplication.cfcpagecontainstheauthenticationlogicthatcheckswhetherauserisloggedin,requeststheloginpageif
    theuserisnotloggedin,andauthenticatesthedatafromtheloginpage.Iftheuserisauthenticated,itlogstheuserin.
    Thispagealsoincludestheonebuttonformandlogicforloggingoutauser,whichappearsatthetopofeachpage.
    Theloginform.cfmpagedisplaystheloginform.ThecodeonthispagecouldalsobeincludedinApplication.cfc.
    Thesecuritytest.cfmpageisasampleapplicationpage.Itdisplaystheloggedinusersroles.
    TestthesecuritybehaviorbyaddingyourownpagestothesamedirectoryastheApplication.cfcpage.
    TheexamplegetsuserinformationfromtheLoginInfotableofthecfdocexamplesdatabasethatisinstalledwithColdFusion.Youcan
    replacethisdatabasewithanydatabasecontainingUserID,Password,andRolesfields.Thesampledatabasecontainsthefollowing
    data:
    UserID

    Password

    Roles

    BobZ

    Ads10

    Employee,Sales

    JaniceF

    Qwer12

    Contractor,Documentation

    RandalQ

    ImMe

    Employee,HumanResources,Manager

    Becausespacesaremeaningfulinrolesstrings,donotfollowthecommaseparatorsintheRolesfieldswithspaces.

    Example:Application.cfc
    TheApplication.cfcpageconsistsofthefollowing:

    <cfcomponent>
    <cfsetThis.name="Orders">
    <cfsetThis.Sessionmanagement="True">
    <cfsetThis.loginstorage="session">

    <cffunctionname="OnRequestStart">
    <cfargumentname="request"required="true"/>
    <cfifIsDefined("Form.logout")>
    <cflogout>
    </cfif>

    <cflogin>
    <cfifNOTIsDefined("cflogin")>
    <cfincludetemplate="loginform.cfm">
    <cfabort>
    <cfelse>
    <cfifcflogin.nameIS""ORcflogin.passwordIS"">
    <cfoutput>
    <h2>YoumustentertextinboththeUserNameandPasswordfields.
    </h2>
    </cfoutput>
    <cfincludetemplate="loginform.cfm">
    <cfabort>
    <cfelse>

    <cfqueryname="loginQuery"dataSource="cfdocexamples">
    SELECTUserID,Roles
    FROMLoginInfo
    WHERE
    UserID='#cflogin.name#'
    ANDPassword='#cflogin.password#'
    </cfquery>
    <cfifloginQuery.RolesNEQ"">
    <cfloginusername="#cflogin.name#"Password="#cflogin.password#"
    roles="#loginQuery.Roles#">
    <cfelse>
    <cfoutput>
    <H2>Yourlogininformationisnotvalid.<br>
    PleaseTryagain</H2>
    </cfoutput>
    <cfincludetemplate="loginform.cfm">
    <cfabort>
    </cfif>
    </cfif>
    </cfif>
    </cflogin>

    <cfifGetAuthUser()NEQ"">
    <cfoutput>
    <formaction="securitytest.cfm"method="Post">
    <inputtype="submit"Name="Logout"value="Logout">
    </form>
    </cfoutput>
    </cfif>

    </cffunction>
    </cfcomponent>

    Reviewingthecode
    TheApplication.cfcpageexecutesbeforethecodeineachColdFusionpageinanapplication.Formoreinformationonthe
    Application.cfcpageandwhenitisexecuted,seeDesigningandOptimizingaColdFusionApplication.
    ThefollowingtabledescribestheCFMLcodeinApplication.cfcanditsfunction:
    Code

    <cfcomponent>
    <cfsetThis.name="Orders">
    <cfsetThis.Sessionmanagement="True">
    <cfsetThis.loginstorage="session">

    <cffunctionname="OnRequestStart">
    <cfargumentname="request"required="true"/>

    Description
    Identifiesthe
    application,
    enablessession
    management,
    andenables
    storinglogin
    informationin
    theSession
    scope.
    Beginsthe
    definitionofthe
    onRequestStart
    methodthat
    runsatthe
    startsofeach
    request.

    <cfifIsDefined("Form.logout")>
    <cflogout>
    </cfif>

    <cflogin>
    <cfifNOTIsDefined("cflogin")>
    <cfincludetemplate="loginform.cfm">

    Iftheuserjust
    submittedthe
    logoutform,
    logsoutthe
    user.The
    followingcflogin
    tagrunsasa
    result.
    Runsifthereis
    nologgedin
    user.
    Teststoseeif

    <cfabort>

    theuserhas
    submitteda
    loginform.If
    not,uses
    cfincludeto
    displaythe
    form.Thebuilt
    incflogin
    variableexists
    andcontainsthe
    usernameand
    passwordonlyif
    theloginform
    usedj_username
    andj_password
    fortheinput
    fields.
    Thecfaborttag
    prevents
    processingof
    anycodethat
    followsonthis
    page.

    <cfelse>
    <cfifcflogin.nameIS""ORcflogin.passwordIS"">
    <cfoutput>
    <h2>YoumustentertextinboththeUserNameandPasswordfields.</h2>
    </cfoutput>
    <cfincludetemplate="loginform.cfm">
    <cfabort>

    Runsiftheuser
    submitteda
    loginform.
    Teststomake
    surethatboth
    nameand
    passwordhave
    data.Ifeither
    variableis
    empty,displays
    amessage,
    followedbythe
    loginform.
    Thecfaborttag
    prevents
    processingof
    anycodethat
    followsonthis
    page.

    <cfelse>
    <cfqueryname="loginQuery"dataSource="cfdocexamples">
    SELECTUserID,Roles
    FROMLoginInfo
    WHERE
    UserID='#cflogin.name#'
    ANDPassword='#cflogin.password#'
    </cfquery>

    <cfifloginQuery.RolesNEQ"">
    <cfloginusername="#cflogin.name#"Password="#cflogin.password#"roles="#loginQuery.Roles#">

    Runsiftheuser
    submitteda
    loginformand
    bothfields
    containdata.
    Usesthecflogin
    structuresname
    andpassword
    entriestofind
    theuserrecord
    inthedatabase
    andgetthe
    usersroles.
    Ifthequery
    returnsdatain
    theRolesfield,
    logsintheuser
    usingtheusers
    nameand
    passwordand
    theRolesfield
    fromthe
    database.In
    thisapplication,
    everyusermust

    beinsomerole.

    <cfelse>
    <cfoutput>
    <H2>Yourlogininformationisnotvalid.<br>
    PleaseTryagain</H2>
    </cfoutput>
    <cfincludetemplate="loginform.cfm">
    <cfabort>

    Runsifthe
    querydidnot
    returnarole.If
    thedatabaseis
    valid,this
    meansthere
    wasnoentry
    matchingthe
    userIDand
    password.
    Displaysa
    message,
    followedbythe
    loginform.
    Thecfaborttag
    prevents
    processingof
    anycodethat
    followsonthis
    page.

    </cfif>
    </cfif>
    </cfif>
    </cflogin>

    Endsthe
    loginquery.Roles
    testcode.
    Endstheform
    entryempty
    valuetest.
    Endstheform
    entryexistence
    test.
    Endsthe
    cflogintag
    body.

    <cfifGetAuthUser()NEQ"">
    <cfoutput>
    <formaction="securitytest.cfm"method="Post">
    <inputtype="submit"Name="Logout"value="Logout">
    </form>
    </cfoutput>
    </cfif>

    Ifauseris
    loggedin,
    displaysthe
    Logoutbutton.
    Iftheuserclicks
    thebutton,
    poststheform
    tothe
    applications
    (theoretical)
    entrypage,
    index.cfm.
    Application.cfc
    thenlogsout
    theuserand
    displaysthe
    loginform.If
    theuserlogsin
    again,
    ColdFusion
    displays
    index.cfm.

    </cffunction>
    </cfcomponent>

    Endsthe
    onRequestStart
    method
    Endsthe
    Application
    component.

    Example:loginform.cfm

    Theloginform.cfmpageconsistsofthefollowing:

    <H2>PleaseLogIn</H2>
    <cfoutput>
    <formaction="#CGI.script_name#?#CGI.query_string#"method="Post">
    <table>
    <tr>
    <td>username:</td>
    <td><inputtype="text"name="j_username"></td>
    </tr>
    <tr>
    <td>password:</td>
    <td><inputtype="password"name="j_password"></td>
    </tr>
    </table>
    <br>
    <inputtype="submit"value="LogIn">
    </form>
    </cfoutput>

    Reviewingthecode
    Thefollowingtabledescribestheloginform.cfmpageCFMLcodeanditsfunction:
    Code

    Description
    Displaystheloginform.

    <H2>PleaseLogIn</H2>
    <cfoutput>
    <formaction="#CGI.script_name#?#CGI.query_string#"method="Post">
    <table>
    <tr>
    <td>username:</td>
    <td><inputtype="text"name="j_username"></td>
    </tr>
    <tr>
    <td>password:</td>
    <td><inputtype="password"name="j_password"></td>
    </tr>
    </table>
    <br>
    <inputtype="submit"value="LogIn">
    </form>
    </cfoutput>

    Constructstheformactionattributefrom
    CGIvariables,witha?characterpreceding
    thequerystringvariable.Thistechnique
    worksbecauseloginform.cfmisaccessedby
    acfincludetagonApplication.cfc,sothe
    CGIvariablesarethosefortheoriginally
    requestedpage.

    TheformrequestsauserIDandpassword
    andpoststheusersinputtothepage
    specifiedbythenewurlvariable.
    Usesthefieldnamesj_usernameand
    j_password.ColdFusionautomaticallyputs
    formfieldswiththesevaluesinthe
    cflogin.nameandcflogin.passwordvariables
    insidethecflogintag.

    Example:securitytest.cfm
    Thesecuritytest.cfmpageshowshowanyapplicationpagecanuseColdFusionuserauthorizationfeatures.Application.cfcensures
    theexistenceofanauthenticateduserbeforethepagecontentappears.Thesecuritytest.cfmpageusestheIsUserInAnyRoleand
    GetAuthUserfunctionstocontroltheinformationthatisdisplayed.
    Thesecuritytest.cfmpageconsistsofthefollowing:

    <!DOCTYPEHTMLPUBLIC"//W3C//DTDHTML4.01Transitional//EN">
    <html>
    <head>
    <title>Securitytestpage</title>
    </head>

    <body>
    <cfoutput>
    <h2>Welcome#GetAuthUser()#!</h2>
    </cfoutput>

    ALLLoggedinUsersseethismessage.<br>
    <br>
    <cfscript>
    if(IsUserInRole("HumanResources"))

    WriteOutput("HumanResourcesmembersseethismessage.<br><br>");
    if(IsUserInRole("Documentation"))
    WriteOutput("Documentationmembersseethismessage.<br><br>");
    if(IsUserInRole("Sales"))
    WriteOutput("Salesmembersseethismessage.<br><br>");
    if(IsUserInRole("Manager"))
    WriteOutput("Managersseethismessage.<br><br>");
    if(IsUserInRole("Employee"))
    WriteOutput("Employeesseethismessage.<br><br>");
    if(IsUserInRole("Contractor"))
    WriteOutput("Contractorsseethismessage.<br><br>");
    </cfscript>

    </body>
    </html>

    Reviewingthecode
    Thefollowingtabledescribesthesecuritytest.cfmpageCFMLcodeanditsfunction:
    Code

    Description

    <cfoutput>
    <h2>Welcome#GetAuthUser()#!</h2>
    </cfoutput>

    ALLLoggedinUsersseethismessage.<br>
    <br>

    <cfscript>
    if(IsUserInRole("HumanResources"))
    WriteOutput("HumanResourcesmembersseethismessage.<br><br>");
    if(IsUserInRole("Documentation"))
    WriteOutput("Documentationmembersseethismessage.<br><br>");
    if(IsUserInRole("Sales"))
    WriteOutput("Salesmembersseethismessage.<br><br>");
    if(IsUserInRole("Manager"))
    WriteOutput("Managersseethismessage.<br><br>");
    if(IsUserInRole("Employee"))
    WriteOutput("Employeesseethismessage.<br><br>");
    if(IsUserInRole("Contractor"))
    WriteOutput("Contractorsseethismessage.<br><br>");
    </cfscript>

    Displaysawelcomemessagethatincludes
    theusersloginID.

    Displaysthismessageinallcases.Thepage
    doesnotdisplayuntilauserisloggedin.

    Testswhethertheuserbelongstoeachofthe
    validroles.Iftheuserisinarole,displaysa
    messagewiththerolename.
    Usersseeonemessageperrolethatthey
    belong.

    TwitterandFacebookpostsarenotcoveredunderthetermsofCreativeCommons.

    Home/DevelopingColdFusion9Applications/DevelopingCFMLApplications/SecuringApplications/
    Implementingusersecurity

    LegalNotices|OnlinePrivacyPolicy

    Potrebbero piacerti anche