Authentication and Authorization Functions

After you use cfauthenticate to check whether the user is defined for a particular security context, you can use the following security functions throughout your applications any time you need to authenticate or authorize a user:

Using the IsAuthenticated function

The IsAuthenticated function checks whether a cfauthenticate tag successfully executed for the current request. If not, it looks for the cfauth cookie to determine whether the user is authenticated. If you do not set a cfauth cookie with cfauthenticate, you must call cfauthenticate for every request in the application.

The IsAuthenticated function returns True if the user is authenticated for the current request; otherwise, it returns False.

If you call IsAuthenticated with the optional security_context_name parameter, the function returns True if the user is authenticated in the named security context; otherwise it returns False. The IsAuthenticated function has the following form:

IsAuthenticated("security_context_name")

Using the IsAuthorized function

After a user is authenticated, you can use the IsAuthorized function to check which resources the user is allowed to access. You define authorization levels when you create security policies on the Advanced Security page of the ColdFusion Administrator.

IsAuthorized returns True if the user is authorized to perform the specified action on the specified ColdFusion resource. IsAuthorized takes three parameters, the last of which is optional, as follows:

IsAuthorized(ResourceType, ResourceName, [ResourceAction])

For example, to check whether the authenticated user is authorized to update a data source resource called orders, use this syntax:

IsAuthorized("Datasource", "orders", "update")

In this example, the IsAuthorized function returns True if the user is authorized to update the named data source, or if the data source is not protected in the security context.


Note

The ColdFusion Server does not check user authorization unless you specifically request it with the IsAuthorized function. It is up to you to decide what action to take based on the results of the IsAuthorized call.
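
The following page fragment is an added example, not part of the original documentation. It shows both checks placed in front of an update to the orders data source. The security context name OrdersContext, the pages login.cfm and denied.cfm, the table and column names, and the form fields are assumptions made for illustration.

```cfml
<!--- Added example, not from the original documentation.
      Assumed names: security context "OrdersContext", pages login.cfm and
      denied.cfm, table Orders with columns OrderID and Status, and the
      form fields orderID and status. --->

<!--- 1. Authentication: True only if cfauthenticate succeeded in this
         request or the cfauth cookie identifies an authenticated user. --->
<cfif NOT IsAuthenticated("OrdersContext")>
    <cflocation url="login.cfm" addtoken="No">
    <cfabort>
</cfif>

<!--- 2. Authorization: the server performs no check of its own, so the
         page must test the exact action before running the query.
         IsAuthorized also returns True when the data source is not
         protected in the security context, so "orders" must be covered
         by a security policy for this test to restrict anything. --->
<cfif NOT IsAuthorized("Datasource", "orders", "update")>
    <cflocation url="denied.cfm" addtoken="No">
    <cfabort>
</cfif>

<!--- 3. Validate input before it reaches the query. --->
<cfif NOT IsDefined("form.orderID") OR NOT IsNumeric(form.orderID)
      OR NOT IsDefined("form.status")>
    <cfabort>
</cfif>

<!--- 4. Only now touch the data source; bind values as parameters. --->
<cfquery name="updateOrder" datasource="orders">
    UPDATE Orders
    SET Status = <cfqueryparam value="#form.status#"
                               cfsqltype="CF_SQL_VARCHAR" maxlength="20">
    WHERE OrderID = <cfqueryparam value="#form.orderID#"
                                  cfsqltype="CF_SQL_INTEGER">
</cfquery>
```

Because the page itself decides what happens on a False result, every template that reaches the data source needs the same two checks, or they belong in a shared include that runs before the query.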



