Page Authentication

Community Beginner, Apr 21, 2012
I have an application where I am setting user roles using cfloginuser. I restrict some pages depending on roles. I am just using an if statement at the top of the page similar to this:

<cfif IsUserInRole("admin")>
     PAGE CONTENT
<cfelse>
     <cflocation url="unathorized.cfm" addtoken="no">
</cfif>

This is working fine, but I am now wanting to expand the roles.  I want to display or reject each page depending on the roles.  However, I am not wanting to add an if statement to every page.  Can anyone point me to a better method?  I know I am missing something very easy, but I would like an easy non-obtrusive way to do this.  Thanks for the suggestions.

LEGEND, Apr 22, 2012
You could shift the logic into the onRequest() interceptor, perhaps?

--

Adam

Community Beginner, Apr 25, 2012
I broke down and put the logic in the onRequest function of the Application.cfc. I went ahead and made a table and added a record for every secured page and the role required to view it. I just didn't want to have to read a table for every page load, but it works fine. If anyone has a better suggestion, I'd love to hear it. Thanks.

Participant, Apr 26, 2012
Just a suggestion; I don't know whether it is applicable to your case or not.

- If we store the user roles in a session variable and store the secure page information in cache, and then do the same as Adam suggested, I think it will improve the execution time.

LEGEND, Apr 26, 2012
I broke down and put the logic in the onRequest function of the Application.cfc. I went ahead and made a table and added a record for every secured page and the role required to view it. I just didn't want to have to read a table for every page load, but it works fine. If anyone has a better suggestion, I'd love to hear it. Thanks.

Well that stuff is application-wide, yes?  So you could just load it once in onApplicationStart, and put it in an application variable.

--
Adam

Community Expert, Apr 26, 2012
wannab0133 wrote:

I have an application where I am setting user roles using cfloginuser. I restrict some pages depending on roles. I am just using an if statement at the top of the page similar to this:

<cfif IsUserInRole("admin")>
     PAGE CONTENT
<cfelse>
          <cflocation url="unathorized.cfm" addtoken="no">
</cfif>

This is working fine, but I am now wanting to expand the roles.  I want to display or reject each page depending on the roles.  However, I am not wanting to add an if statement to every page.  Can anyone point me to a better method?  I know I am missing something very easy, but I would like an easy non-obtrusive way to do this.  Thanks for the suggestions.

Did you say non-obtrusive? I find this a tigress of a question masquerading as a homely pussycat!

First of all, there are known restrictions in any implementation of onRequest in Application.cfc. For example, you won't be able to run CFCs for web services, flash remoting or event gateways.

Login, permissions and page flow are determined on a request by request basis. Therefore, the code you need will have to be in a scope that is more fine-grained than session or application. That brings us to request. Since we have ruled out the onRequest event, we have to settle for the only remaining contender, onRequestStart.

Let's say, for simplicity, that user IDs are U1, U2, U3, ... and so on. Similarly we assume role IDs are R1, R2, ... and authorized-page IDs, P1, P2, P3, .... That you can use onRequestStart to do login and assign roles is an established fact.

Such login and permission assignment are essentially a product of the relation between the set of users, U = {U1, U2, U3, ...}, and the set of roles, R = {R1, R2, R3, ...}. The functionality you seek is between the set R and the set of pages, P = {P1, P2, P3, ...}. Sounds all nice and easy till we stumble on the fact that the relations U <=> R and R <=> P are many-to-many. You cannot translate a many-to-many relation directly into a relational database model. This means you will likely have to redesign your database model.

One way to solve the problem is to introduce so-called junction tables within the relations U <=> R and R <=> P. Whatever design route you choose to follow, there is one well-known guideline that will ensure you stay on course, Ferraiolo and Kuhn's Role-Based Access Control (RBAC). This is everything but non-obtrusive, I hope you will agree!
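Putting Adam's suggestion (load the page-to-role map once into the application scope) together with the point above about using onRequestStart rather than onRequest, here is an added Application.cfc sketch; it is example code written for this thread, not code posted by anyone in it. It assumes login and cfloginuser already happen elsewhere, a constructed struct stands in for the secured-pages table, and the deny page is /unauthorized.cfm.

```cfml
<cfcomponent output="false">
    <cfset this.name = "PageAuthDemo">
    <cfset this.sessionManagement = true>
    <cfset this.loginStorage = "session">

    <!--- Runs once per application: build the page -> allowed-roles map. --->
    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <!--- Constructed stand-in for the secured-pages table; in a real app
              this would come from a query of (page_path, required_role) rows. --->
        <cfset application.securedPages = {
            "/admin/users.cfm"   = ["admin"],
            "/reports/sales.cfm" = ["admin", "manager"]
        }>
        <cfreturn true>
    </cffunction>

    <!--- Runs before every request (pages and CFC calls alike), so the
          per-page check no longer needs to be repeated at the top of each page. --->
    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var page = lCase(arguments.targetPage)>
        <cfset var denyUrl = "/unauthorized.cfm">
        <cfset var allowed = false>
        <cfset var role = "">

        <!--- Never gate the deny page itself, or the redirect loops forever. --->
        <cfif page EQ denyUrl>
            <cfreturn true>
        </cfif>

        <!--- Pages missing from the map are treated as public. --->
        <cfif NOT structKeyExists(application.securedPages, page)>
            <cfreturn true>
        </cfif>

        <!--- Access is granted if the logged-in user holds any one of the
              roles listed for this page; roles are checked one at a time. --->
        <cfloop array="#application.securedPages[page]#" index="role">
            <cfif isUserInRole(role)>
                <cfset allowed = true>
            </cfif>
        </cfloop>

        <cfif NOT allowed>
            <cflocation url="#denyUrl#" addtoken="no">
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

Because the map lives in the application scope, it is read from the database only on application start; if the table changes, the application has to be restarted or the map reloaded explicitly.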
