Developing ColdFusion Applications Previous Up One Level Next Search
Application Security


Catching Security Exceptions

You can use the cftry and cfcatch tags to catch security exceptions. Setting the type attribute in cfcatch to "Security" enables you to catch failures in the cfauthenticate tag. You can also catch failures from the IsAuthorized or IsAuthenticated functions.

Set the cfauthenticate throwOnFailure attribute to Yes and enclose the tag in a cftry/cfcatch block if you want to handle possible exceptions programmatically.

For information on exception-handling strategies in ColdFusion, see "Exception handling strategies".

Example

This example shows the use of exception handling with cfauthenticate in an Application.cfm file. The cfauthenticate tag authenticates a user and sets the security context for an application.

If the user is not already defined in the system, you can either reject the page, request that the user respecify the username and password, or define a new user. The following example just rejects the page request and displays a message: 

<html>


<head>

  <title>cfauthenticate Example</title>

</head>



<body>

<h3>cfauthenticate Example></h3>



<!--- This code is from an Application.cfm file --->



<cftry>

  <cfauthenticate securityContext="MyApplicationSC"

    username=#user#

    password=#pwd#>

  <cfcatch type="Security">

    <!--- The message to display --->

    <h3>Authentication error</h3>

<!--- display a message. Alternatively, you might place code 

  here to define the user to the security context. --->

    <cfoutput>

    <p>#cfcatch.Message#</p>

    </cfoutput>

  </cfcatch>

</cftry>



<cfapplication name="Personnel">



</body>

</html>
Copyright © 2001, Macromedia Inc. All rights reserved. Previous Up Next Search

Banner.Novgorod.Ru