User Guide

Chapter 19 Application Security (page 360)
Authentication and Authorization Functions
After you use cfauthenticate to verify that a user is defined in a particular security context, you can call the following security functions anywhere in your application when you need to authenticate or authorize that user:

IsAuthenticated checks whether the current request was authenticated by the cfauthenticate tag, either directly or through the cfauth cookie that the tag sets.

IsAuthorized checks whether the authenticated user has access to a named resource, based on the rules defined in the security context for which the user was authenticated.
Using the IsAuthenticated function
The IsAuthenticated function checks whether a cfauthenticate tag executed successfully for the current request. If none did, it looks for the cfauth cookie, which cfauthenticate sets when its SETCOOKIE attribute is enabled, to determine whether the user is authenticated. If you do not set a cfauth cookie with cfauthenticate, you must call cfauthenticate on every request in the application. On later requests the cookie alone proves the authentication, so treat it like any other session credential: anyone who obtains it can present it.

IsAuthenticated returns True if the user is authenticated for the current request; otherwise it returns False.

If you call IsAuthenticated with the optional security_context_name parameter, the function returns True only if the user is authenticated in the named security context; otherwise it returns False. Without the parameter, authentication in any security context counts. The IsAuthenticated function has the following form:

IsAuthenticated("security_context_name")
Using the IsAuthorized function
After a user is authenticated, use the IsAuthorized function to check which resources that user is allowed to access. You define the authorization rules when you create security policies on the Advanced Security page of the ColdFusion Administrator.

IsAuthorized returns True if the user is authorized to perform the specified action on the specified ColdFusion resource. It takes three parameters, the third of which is optional:

IsAuthorized(ResourceType, ResourceName, [ResourceAction])

For example, to check whether the authenticated user is authorized to update a data source resource called orders, use this syntax:

IsAuthorized("Datasource", "orders", "update")

In this example, IsAuthorized returns True if the user is authorized to update the named data source, or if the data source is not protected in the security context at all. The second case matters: the function does not fail closed for resources that no policy covers, so a data source you forgot to add to the security context is treated as open to every authenticated user. Make sure every resource you guard with IsAuthorized is actually listed in the policies of the context the user authenticated against.
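The following is an added example written for this edition, not code from the original manual. It ties the two functions described above together: Application.cfm authenticates once with cfauthenticate and lets the cfauth cookie carry the result to later requests, and a page then gates a data-source update on IsAuthorized before running the query. The security context name OrdersContext, the Orders table and OrderID column, the use of HTTP Basic credentials from the cgi scope, and the URL parameter orderID are assumptions for illustration; the orders data source and the update action come from the example above. AuthenticatedUser(), used only to name the user in messages, is a companion function of the same Advanced Security API that this page does not cover.

```cfml
<!--- Application.cfm (added example; OrdersContext is an assumed security
      context name). ColdFusion runs this before every page, so a request is
      authenticated once and the cfauth cookie carries that state afterwards. --->
<cfapplication name="OrdersApp">

<cfif NOT IsAuthenticated("OrdersContext")>
  <!--- Credentials arrive via HTTP Basic authentication; challenge if absent --->
  <cfif NOT IsDefined("cgi.AUTH_USER") OR Len(cgi.AUTH_USER) EQ 0>
    <cfheader statuscode="401" statustext="Unauthorized">
    <cfheader name="WWW-Authenticate" value="Basic realm=""Orders""">
    <cfabort>
  </cfif>

  <cftry>
    <!--- setcookie="Yes" issues the cfauth cookie so IsAuthenticated succeeds
          on later requests without repeating this tag; throwonfailure="Yes"
          turns a bad password into a catchable Security exception --->
    <cfauthenticate securitycontext="OrdersContext"
                    username="#cgi.AUTH_USER#"
                    password="#cgi.AUTH_PASSWORD#"
                    setcookie="Yes"
                    throwonfailure="Yes">
    <cfcatch type="Security">
      <cfheader statuscode="401" statustext="Unauthorized">
      <cfheader name="WWW-Authenticate" value="Basic realm=""Orders""">
      <cfabort>
    </cfcatch>
  </cftry>
</cfif>


<!--- ship_order.cfm: a page that needs UPDATE access to the "orders" data source --->

<!--- Re-check the specific context even though Application.cfm ran, so this
      page cannot be reached with a login against some other context --->
<cfif NOT IsAuthenticated("OrdersContext")>
  <cfheader statuscode="401" statustext="Unauthorized">
  <cfabort>
</cfif>

<!--- Authorize exactly the action the page performs. Remember the fail-open
      rule: this is also True when "orders" is not protected in OrdersContext,
      so the data source must be listed in that context's policies. --->
<cfif NOT IsAuthorized("Datasource", "orders", "update")>
  <cfheader statuscode="403" statustext="Forbidden">
  <cfoutput><p>#HTMLEditFormat(AuthenticatedUser())# is not authorized to update orders.</p></cfoutput>
  <cfabort>
</cfif>

<!--- Validate input before it reaches the query; orderID is an assumed integer key --->
<cfif NOT IsDefined("url.orderID") OR NOT IsNumeric(url.orderID)>
  <cfheader statuscode="400" statustext="Bad Request">
  <cfabort>
</cfif>

<!--- The parameterized query keeps the user-supplied id out of the SQL text --->
<cfquery name="shipOrder" datasource="orders">
  UPDATE Orders
  SET    Status = 'shipped'
  WHERE  OrderID = <cfqueryparam value="#url.orderID#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<cfoutput><p>Order #url.orderID# marked shipped by #HTMLEditFormat(AuthenticatedUser())#.</p></cfoutput>
```

Two design points are worth noting. The page names the security context in both calls rather than relying on the parameterless form, so a user who authenticated against a different context in the same application is rejected. And the IsAuthorized call asks for the "update" action specifically, matching the UPDATE the page runs; checking a broader right (or relying on the unprotected-resource case returning True) would let the query run for users the policy was meant to exclude.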