Adobe ColdFusion 8

Example: securitytest.cfm

The securitytest.cfm page shows how any application page can use ColdFusion user authorization features. Application.cfc ensures that an authenticated user exists before any page content appears. The securitytest.cfm page uses the IsUserInRole and GetAuthUser functions to control the information that is displayed.

The securitytest.cfm page consists of the following:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <title>Security test page</title>
</head>

<body>
<cfoutput>
    <h2>Welcome #GetAuthUser()#!</h2>
</cfoutput>

ALL Logged-in Users see this message.<br>
<br>
<cfscript>
    if (IsUserInRole("Human Resources"))
        WriteOutput("Human Resources members see this message.<br><br>");
    if (IsUserInRole("Documentation"))
        WriteOutput("Documentation members see this message.<br><br>");
    if (IsUserInRole("Sales"))
        WriteOutput("Sales members see this message.<br><br>");
    if (IsUserInRole("Manager"))
        WriteOutput("Managers see this message.<br><br>");
    if (IsUserInRole("Employee"))
        WriteOutput("Employees see this message.<br><br>");
    if (IsUserInRole("Contractor"))
        WriteOutput("Contractors see this message.<br><br>");
</cfscript>

</body>
</html>

Reviewing the code

The following table describes the securitytest.cfm page CFML code and its function:

Code:

<cfoutput>
    <h2>Welcome #GetAuthUser()#!</h2>
</cfoutput>

Description: Displays a welcome message that includes the user's login ID.

Code:

ALL Logged-in Users see this message.<br>
<br>

Description: Displays this message in all cases. The page does not display until a user is logged in.

Code:

<cfscript>
    if (IsUserInRole("Human Resources"))
        WriteOutput("Human Resources members see this message.<br><br>");
    if (IsUserInRole("Documentation"))
        WriteOutput("Documentation members see this message.<br><br>");
    if (IsUserInRole("Sales"))
        WriteOutput("Sales members see this message.<br><br>");
    if (IsUserInRole("Manager"))
        WriteOutput("Managers see this message.<br><br>");
    if (IsUserInRole("Employee"))
        WriteOutput("Employees see this message.<br><br>");
    if (IsUserInRole("Contractor"))
        WriteOutput("Contractors see this message.<br><br>");
</cfscript>

Description: Tests whether the user belongs to each of the valid roles. If the user is in a role, displays a message with the role name.

The user sees one message per role to which he or she belongs.
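
The page depends on Application.cfc to stop unauthenticated requests before securitytest.cfm runs, so its role checks only decide what is displayed. The following is an added sketch of such a gate, not code from this page or from Adobe's samples. The datasource `exampleDSN`, the `LoginInfo` table with its `UserID`, `Roles`, `Salt` and `PasswordHash` columns, the salted SHA-256 comparison and `loginform.cfm` are all assumptions:

```cfml
<!--- Application.cfc (added example). Datasource, table, column and
      template names are hypothetical; adapt them to the application. --->
<cfcomponent output="false">
    <cfset this.name = "SecurityTestExample">
    <cfset this.sessionManagement = true>
    <cfset this.loginStorage = "session">

    <cffunction name="onRequestStart" returnType="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var q = "">
        <cfset var authenticated = false>

        <!--- The cflogin body runs only when no user is logged in. --->
        <cflogin>
            <cfif IsDefined("cflogin") AND Len(cflogin.name) AND Len(cflogin.password)>
                <!--- cfqueryparam binds the submitted name instead of
                      concatenating it into the SQL text. --->
                <cfquery name="q" datasource="exampleDSN">
                    SELECT Roles, Salt, PasswordHash
                    FROM LoginInfo
                    WHERE UserID = <cfqueryparam value="#cflogin.name#"
                                                 cfsqltype="cf_sql_varchar">
                </cfquery>
                <!--- Assumes PasswordHash holds the uppercase hex string
                      that Hash(Salt & password, "SHA-256") returns. --->
                <cfif q.recordCount EQ 1 AND Len(q.Roles)
                      AND Compare(Hash(q.Salt & cflogin.password, "SHA-256"),
                                  q.PasswordHash) EQ 0>
                    <!--- Roles is a comma-delimited list; these are the
                          values IsUserInRole tests on securitytest.cfm. --->
                    <cfloginuser name="#cflogin.name#"
                                 password="#cflogin.password#"
                                 roles="#q.Roles#">
                    <cfset authenticated = true>
                </cfif>
            </cfif>
            <!--- Fail closed: no page content without a logged-in user. --->
            <cfif NOT authenticated>
                <cfinclude template="loginform.cfm">
                <cfabort>
            </cfif>
        </cflogin>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

Because the name passed to cfloginuser is what GetAuthUser later returns, any restriction on acceptable login IDs belongs in this gate, before the user is logged in.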