ColdBox SSL Interceptor 2 - SSL for specific events only!

Posted At : January 22, 2008 2:18 AM | Posted By : Ernst van der Linden
Related Categories: ColdBox,Coldfusion

Luis Majano blogged about my SSL interceptor today (thanks Luis for keep on building ColdBox!). Rob Gonda wrote a comment: How does it know which event has to be secured? Thanks Rob, you're right, didn't think about that. My webapp (OrgChartLive on http://behindthe.net) always uses SSL. Incase you need SSL for specific events....here's the code:

STEP 1 ColdBox.xml.cfm

SSL for SPECIFIC events:


        <Interceptor class="{YOUR APP NAME HERE}.interceptors.ssl">
            <Property name="isSSLCheck">true</Property>
            <Property name="sslEventList">user.dspUser,user.dspEditUser,general.*</Property>
        </Interceptor>

or

SSL for ALL events:


        <Interceptor class="{YOUR APP NAME HERE}.interceptors.ssl">
            <Property name="isSSLCheck">true</Property>
            <Property name="sslEventList">*</Property>
        </Interceptor>

STEP 2 ssl.cfc


<cfcomponent name="ssl" output="false" extends="coldbox.system.interceptor">

    <cffunction name="preEvent" access="public" returntype="void" output="false" >
        <cfargument name="event" required="true" type="coldbox.system.beans.requestContext">
        
        <!--- SSL check? --->
        <cfif getProperty('isSSLCheck')>
            <cfset sslCheck(arguments.event)>
        </cfif>    
        
    </cffunction>

    <cffunction name="sslCheck" access="public" returntype="void" output="false" >
        <cfargument name="event" required="true" type="coldbox.system.beans.requestContext">
         <!--- http or https? --->
        <cfif not isSSL() and isSSLRequired(arguments.event)>
            <!--- redirect with SSL (any post data is lost) --->
            <cflocation url="https://#cgi.server_name##cgi.script_name#?#cgi.query_string#" addtoken="no">
        <cfelseif isSSL() and not isSSLRequired(arguments.event)>
            <!--- redirect without SSL (any post data is lost) --->
            <cflocation url="http://#cgi.server_name##cgi.script_name#?#cgi.query_string#" addtoken="no">
        </cfif>
    </cffunction>

    <cffunction name="isSSL" access="public" returntype="boolean">
        <cfset var isSSL = false>
        <!--- SSL Connection? --->
        <cfif isBoolean(cgi.server_port_secure) and cgi.server_port_secure>
            <cfset isSSL = true>
        </cfif>
        <cfreturn isSSL>
    </cffunction>
        
    <cffunction name="isSSLRequired" access="public" returntype="boolean" output="false">
        <cfargument name="event" required="true" type="coldbox.system.beans.requestContext">
        
        <cfset var isSSLRequired = false>
         <cfset var currentEvent = LCASE( arguments.event.getCurrentEvent() )>
         <cfset var currentHandler = LCASE( arguments.event.getCurrentHandler() )>
        <cfset var sslEventList = LCASE( getProperty('sslEventList') )>
    
        <!--- SSL Required for current event? --->
        <cfif sslEventList eq "*" or ListFind(sslEventList,currentEvent) or ListFind(sslEventList,"#currentHandler#.*")>
            <cfset isSSLRequired = true>
        </cfif>    
        <cfreturn isSSLRequired>
    </cffunction>
            
</cfcomponent>

Comments (2) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 362 Views
Comments
[Add Comment]
Sana's Gravatar ohhhhh man you are really rocking.... just as ColdBox rocks.

I was looking behindthe.net... pretty fast reponse. I would suggest to use SES interceptor to improve your search engine friendly urls.
# Posted By Sana | 2/1/08 9:43 PM
Ernst van der Linden's Gravatar Sana, yip you're right, the SES interceptors rocks!
# Posted By Ernst van der Linden | 2/1/08 10:49 PM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.9.004.