Authentication

Miles Rausch edited this page Jan 29, 2015 · 2 revisions

CoreConX supports simple authentication. You set an authenticator for CoreConX to use, and it exposes a public method called authenticate() that passes on to your CFC.

The authenticator Property

Getter and setter for your authenticator component path

Setter takes a string which is the component path to your authenticator CFC. Your authenticator CFC must expose an authenticate() method which the framework calls.

Example:

<cfscript>
    authenticatorComponent = 'com.authenticator';
    coreconx.setAuthenticator( authenticatorComponent );
    writeOutput( coreconx.getAuthenticator() ); // 'com.authenticator'
</cfscript>

The authenticate() Method

Alias for the authenticate() method in your authenticator

Allows one argument:

  • struct credentials = {}

Returns a boolean which is whether you're authenticated.

Credentials a simple structure. CoreConX makes no assumptions about this structure. It gets passed directly into the authenticate() method defined in your authenticator.

If no authenticator has been provided, or CoreConX cannot find or instantiate your authenticator, the authenticate() method will always return false.

Possible Example (depending on your authenticator):

<cfscript>
    authenticatorComponent = 'com.authenticator';
    coreconx.setAuthenticator( authenticatorComponent );

    writeOutput( coreconx.authenticate({ username = 'test', password = 'password' }) ); // true
    writeOutput( coreconx.authenticate({ username = 'test', password = 'testing' }) ); // false
</cfscript>

The isAutoAuthenticating Property

Getter and setter for making your application auto-authenticating.

Setter takes a boolean which tells CoreConX to check the authenticate() method every request. This is easily set using configure() via CoreConX's Application method.

Considerations:

  • CoreConX makes no assumptions about how you authenticate, so you'll need to build in some sort of client storage if you're auto-authenticating
  • If your authenticator has redirection built in, beware of infinite redirections on your login page
  • You might not always want to auto-authenticate (like when the user is literally in the act of authenticating), so you may want to use a condition to set the isAutoAuthenticating value

Example:

<cfscript>
    configure({
        isAutoAuthenticating = !isDefined('form.authenticate')
    });
</cfscript>
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.