Defining a Security Context

The Security Context is a logical set of resources grouped together from an administrative perspective. It does not necessarily correspond to a ColdFusion application or resource name. As its name suggests, the security context is used to establish a context in which authentication and authorization actions are carried out.

For example, you might create a security context for a particular application development effort. Within this context, you define users, groups, and rules that apply to the developers who are working on the project. Another example: You define a context for intranet users of the application you want to deploy. According to their group affiliation, different rules apply, enabling or preventing various actions based on their login.

The context establishes which types of resources you want to protect.

To define a security context:

Open the Advanced Server Security page and click the Security Contexts button.
Enter a security context name and click Add.
This is a logical name that defines the scope of the security domain. Later, in your application pages, developers use this name in the CFAUTHENTICATE tag.
In the New Security Context page, add a description of the security context.
Choose the Resource Types this context governs.
Avoid selecting ColdFusion resources that you do not intend to secure with this context, since doing so can needlessly affect performance.
The Add Existing User Directories box is checked by default to let you add users to this context automatically.
Click Add.
The security context is registered. Next, you define the resources and policies for this context.

Advanced ColdFusion Administration
Configuring Advanced Security