
ColdBox SSL Interceptor 2 - SSL for specific events only!

Luis Majano blogged about my SSL interceptor today (thanks, Luis, for continuing to build ColdBox!). Rob Gonda wrote a comment: "How does it know which event has to be secured?" Thanks Rob, you're right, I didn't think about that. My webapp (OrgChartLive on http://behindthe.net) always uses SSL. In case you need SSL for specific events, here's the code:

STEP 1 ColdBox.xml.cfm

SSL for SPECIFIC events:


        <Interceptor class="{YOUR APP NAME HERE}.interceptors.ssl">
            <Property name="isSSLCheck">true</Property>
            <Property name="sslEventList">user.dspUser,user.dspEditUser,general.*</Property>
        </Interceptor>

or

SSL for ALL events:


        <Interceptor class="{YOUR APP NAME HERE}.interceptors.ssl">
            <Property name="isSSLCheck">true</Property>
            <Property name="sslEventList">*</Property>
        </Interceptor>

STEP 2 ssl.cfc


<cfcomponent name="ssl" output="false" extends="coldbox.system.interceptor">

    <cffunction name="preEvent" access="public" returntype="void" output="false" >
        <cfargument name="event" required="true" type="coldbox.system.beans.requestContext">
        
        <!--- SSL check? --->
        <cfif getProperty('isSSLCheck')>
            <cfset sslCheck(arguments.event)>
        </cfif>    
        
    </cffunction>

    <cffunction name="sslCheck" access="public" returntype="void" output="false" >
        <cfargument name="event" required="true" type="coldbox.system.beans.requestContext">
        <!--- http or https? --->
        <cfif not isSSL() and isSSLRequired(arguments.event)>
            <!--- redirect with SSL (any post data is lost) --->
            <cflocation url="https://#cgi.server_name##cgi.script_name#?#cgi.query_string#" addtoken="no">
        <cfelseif isSSL() and not isSSLRequired(arguments.event)>
            <!--- redirect without SSL (any post data is lost) --->
            <cflocation url="http://#cgi.server_name##cgi.script_name#?#cgi.query_string#" addtoken="no">
        </cfif>
    </cffunction>

    <cffunction name="isSSL" access="public" returntype="boolean">
        <cfset var isSSL = false>
        <!--- SSL Connection? --->
        <cfif isBoolean(cgi.server_port_secure) and cgi.server_port_secure>
            <cfset isSSL = true>
        </cfif>
        <cfreturn isSSL>
    </cffunction>
        
    <cffunction name="isSSLRequired" access="public" returntype="boolean" output="false">
        <cfargument name="event" required="true" type="coldbox.system.beans.requestContext">
        
        <cfset var isSSLRequired = false>
        <cfset var currentEvent = LCASE( arguments.event.getCurrentEvent() )>
        <cfset var currentHandler = LCASE( arguments.event.getCurrentHandler() )>
        <cfset var sslEventList = LCASE( getProperty('sslEventList') )>
    
        <!--- SSL Required for current event? --->
        <cfif sslEventList eq "*" or ListFind(sslEventList,currentEvent) or ListFind(sslEventList,"#currentHandler#.*")>
            <cfset isSSLRequired = true>
        </cfif>    
        <cfreturn isSSLRequired>
    </cffunction>
            
</cfcomponent>
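
A stricter variant of sslCheck, as an added example that is not the author's code: the STEP 2 redirect takes its host from cgi.server_name, which on many web server setups echoes the request's Host header, and it sends non-listed events back to plain HTTP. The file name sslStrict.cfc and the sslHost property (the site's canonical host name) are assumptions; to use it, point the interceptor class in ColdBox.xml.cfm at {YOUR APP NAME HERE}.interceptors.sslStrict.

```cfml
<!--- sslStrict.cfc: added example, not the author's code.
      Save beside ssl.cfc; "sslStrict" and the "sslHost" property are assumed names.
      Config: <Property name="sslHost">www.example.com</Property> --->
<cfcomponent name="sslStrict" output="false" extends="ssl">

    <!--- Overrides ssl.sslCheck(); preEvent, isSSL and isSSLRequired are inherited --->
    <cffunction name="sslCheck" access="public" returntype="void" output="false">
        <cfargument name="event" required="true" type="coldbox.system.beans.requestContext">

        <cfset var target = "">

        <!--- Act only on a plain-HTTP request for a listed event; HTTPS is never downgraded --->
        <cfif not isSSL() and isSSLRequired(arguments.event)>

            <!--- A redirect drops the request body, so reject anything but GET/HEAD --->
            <cfif not listFindNoCase("GET,HEAD", cgi.request_method)>
                <cfheader statuscode="403" statustext="HTTPS Required">
                <cfabort>
            </cfif>

            <!--- Host comes from configuration, not from the request --->
            <cfset target = "https://" & getProperty('sslHost') & cgi.script_name>

            <!--- Append "?" only when a query string is present --->
            <cfif len(cgi.query_string)>
                <cfset target = target & "?" & cgi.query_string>
            </cfif>

            <cflocation url="#target#" addtoken="no">
        </cfif>
    </cffunction>

</cfcomponent>
```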

Comments
ohhhhh man you are really rocking.... just as ColdBox rocks.

I was looking at behindthe.net... pretty fast response. I would suggest using the SES interceptor to improve your search engine friendly URLs.
# Posted By Sana | 2/1/08 9:43 PM
Sana, yip you're right, the SES interceptor rocks!
# Posted By Ernst van der Linden | 2/1/08 10:49 PM
This doesn't work if you're using SES urls. I'm still playing around with it but it seems that on "preprocess", the SES interceptor has not yet done its thing and so the "getCurrentEvent()" method is not returning the right event.

If I change "preProcess" to "preRender", the url redirected. Again, I'm still playing around with it but I wanted to bring it up.
# Posted By Gabriel | 3/6/09 3:05 AM