You can use the cftry
and cfcatch
tags to catch security exceptions. Setting the type
attribute in cfcatch
to "Security"
enables you to catch failures in the cfauthenticate
tag. You can also catch failures from the IsAuthorized
or IsAuthenticated
functions.
Set the cfauthenticate
throwOnFailure
attribute to Yes
and enclose the tag in a cftry
/cfcatch
block if you want to handle possible exceptions programmatically.
For information on exception-handling strategies in ColdFusion, see "Exception handling strategies".
This example shows the use of exception handling with cfauthenticate
in an Application.cfm file. The cfauthenticate
tag authenticates a user and sets the security context for an application.
If the user is not already defined in the system, you can either reject the page, request that the user respecify the username and password, or define a new user. The following example just rejects the page request and displays a message:
<html>
<head> <title>cfauthenticate Example</title> </head> <body> <h3>cfauthenticate Example></h3> <!--- This code is from an Application.cfm file ---> <cftry> <cfauthenticate securityContext="MyApplicationSC" username=#user# password=#pwd#> <cfcatch type="Security"> <!--- The message to display ---> <h3>Authentication error</h3> <!--- display a message. Alternatively, you might place code here to define the user to the security context. ---> <cfoutput> <p>#cfcatch.Message#</p> </cfoutput> </cfcatch> </cftry> <cfapplication name="Personnel"> </body> </html>