[ColdBox SEEK 3.6.0] securityInterceptor, prc scope

[Michael Casey]

I have my interceptors/securityInterceptor.cfc set up to intercept each request and run my security checks.

I need access to the prc scope in order to take something from it before running one of the checks.

I therefore add this to the preProcess() method.

var prc = event.getCollection(private=true); 

So far so good, I have the prc scope. However, it doesn't contain the variable I need.

The variable is set in the handler, in my case: 

handlers/Reservation.cfc : bookBanners() : prc.nModuKy

So, am I right in assuming that the securityInterceptor is reading the prc scope before the handler has injected the value into it?

And if so, how do I get around the problem?

[Jon Clausen]

Michael,

You need to announce the specific interception for that handler method after the variable in prc is ready for use.

announceInterception('onValidateReservationSecurity');

Then you can use the Event argument in your interceptor method:

void function onValidateReservationSecurity(Event,struct interceptData) {
    var prc = arguments.Event.getCollection(private=true);
    ...
}    

--
--
You received this message because you are subscribed to the Google Groups "ColdBox Platform" group.
For News, visit http://blog.coldbox.org
For Documentation, visit http://wiki.coldbox.org
For Bug Reports, visit https://ortussolutions.atlassian.net/browse/COLDBOX
---
You received this message because you are subscribed to the Google Groups "ColdBox Platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coldbox+u...@googlegroups.com.
To post to this group, send email to col...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/coldbox/0c00a5ae-0e40-4453-a5fc-5896d7cc6182%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[br...@bradwood.com]

PreProcess() runs before any events have executed.  I don't understand your specific variable and what it means but you can't have an interceptor that checks a variable that doesn't exist until an event runs if the interceptor itself is supposed to be checking to see if the event should even run in the first place!!

 

Can you explain what this variable is, how it gets set, and why your security needs it?

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: br...@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com 

 

 

--------- Original Message ---------

--

[Michael Casey]

Hi Jon

Thanks for your answer, but can you just give me some structure there?

announceInterception('onValidateReservationSecurity'); goes in my handler? 

And I place that line after I create prc.nModuKy?

And the onValidateReservationSecurity() method goes where? In the handler, or the securityInterceptor?

And how does it all relate to the preProcess() method in the securityInterceptor?

[Jon Clausen]

Hi Mike,

Replies inline:

On April 22, 2016 at 10:29:12 AM, Michael Casey (mrjung...@gmail.com) wrote:

Hi Jon

Thanks for your answer, but can you just give me some structure there?

announceInterception('onValidateReservationSecurity'); goes in my handler? 

And I place that line after I create prc.nModuKy?

Correct.

And the onValidateReservationSecurity() method goes where? In the handler, or the securityInterceptor?

In the securityInterceptor.  You’ll also need to declare that custom interception point in your Coldbox config:

interceptorSettings =
        {
             throwOnInvalidStates = false
            ,customInterceptionPoints = "onValidateReservationSecurity"
        };

And how does it all relate to the preProcess() method in the securityInterceptor?

It doesn’t, because the variable you are using is related to a specific item within a specific handler method.  Once you reach that level of specificity, you need to look at custom interception points. You can, however, use `preProcess` to check for the presence of any variables which should be available in storage scopes (Session, Cookie, Client, etc) or in the combined RC scope before the handler is invoked.

If you look at the security example in the Coldbox 3 docs, you’ll see that `preProcess` is using only storage scopes and HTTP header information:  http://wiki.coldbox.org/wiki/Interceptors.cfm  

--
--
You received this message because you are subscribed to the Google Groups "ColdBox Platform" group.
For News, visit http://blog.coldbox.org
For Documentation, visit http://wiki.coldbox.org
For Bug Reports, visit https://ortussolutions.atlassian.net/browse/COLDBOX
---
You received this message because you are subscribed to the Google Groups "ColdBox Platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coldbox+u...@googlegroups.com.
To post to this group, send email to col...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/coldbox/35d7240f-551e-4403-abf2-405fd046968d%40googlegroups.com.