models.validators

Class AuthValidator

lucee.Component
    extended by models.validators.AuthValidator
Direct Known Subclasses:
CBAuthValidator

Copyright since 2016 by Ortus Solutions, Corp www.ortussolutions.com --- This is the core validator which leverages any Authentication Service that implements cbsecurity.models.interfaces.IAuthService and any User that implements cbsecurity.models.interfaces.IAuthUser

Class Attributes:
  • threadsafe
    •  
  • singleton
    •  
  • synchronized : false
    •  
  • accessors : false
    •  
  • persistent : false
    •  
    Property Summary
    type property default serializable required
    any cbSecurity


    • access = public
    • returntype = any
    • inject = CBSecurity@cbSecurity
    		 true false
    any log


    • access = public
    • returntype = any
    • inject = logbox:logger:{this}
    		 true false
    Method Summary
    struct annotationValidator(any securedValue, any controller)
         This function is called once access to a handler/action is detected.
    struct ruleValidator(any rule, any controller)
         This function is called once an incoming event matches a security rule.
    private any validateSecurity([string permissions=''], [string roles=''])
         Validate Security on the user.
     
    Methods inherited from class lucee.Component
    None
    Property Detail

    cbSecurity

    property any cbSecurity

    Attributes:
    access - public
    required - false
    returntype - any
    inject - CBSecurity@cbSecurity
    serializable - true

    log

    property any log

    Attributes:
    access - public
    required - false
    returntype - any
    inject - logbox:logger:{this}
    serializable - true
    Method Detail

    annotationValidator

    public struct annotationValidator(any securedValue, any controller)

    This function is called once access to a handler/action is detected. You will receive the secured annotation value and an instance of the ColdBox Controller You must return a struct with three keys: - allow:boolean True, user can continue access, false, invalid access actions will ensue - type:string(authentication|authorization) The type of block that ocurred. Either an authentication or an authorization issue. - messages:string Info/debug messages

    Parameters:
    securedValue
    controller
    Returns:
    { allow:boolean, type:string(authentication|authorization), messages:string }

    ruleValidator

    public struct ruleValidator(any rule, any controller)

    This function is called once an incoming event matches a security rule. You will receive the security rule that matched and an instance of the ColdBox controller. You must return a struct with three keys: - allow:boolean True, user can continue access, false, invalid access actions will ensue - type:string(authentication|authorization) The type of block that ocurred. Either an authentication or an authorization issue. - messages:string Info/debug messages

    Parameters:
    rule
    controller
    Returns:
    { allow:boolean, type:string(authentication|authorization), messages:string }

    validateSecurity

    private any validateSecurity([string permissions=''], [string roles=''])

    Validate Security on the user

    Parameters:
    permissions - The secured value of the annotation or the rule permissions
    roles - Rule roles
    Returns:
    Security Results Struct: { allow : boolean, type : (authentication|authorization), messages : "" }