The securitytest.cfm page shows how any application page can use ColdFusion user authorization features. The web server ensures the existence of an authenticated user, and the Application.cfc page ensures that the user is assigned to roles the page content appears. The securitytest.cfm page uses the IsUserInRole and GetAuthUser functions to control the information that is displayed.
The securitytest.cfm page consists of the following:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Basic authentication security test page</title>
</head>
<body>
<cfoutput>
<h2>Welcome #GetAuthUser()#!</h2>
</cfoutput>
ALL Logged-in Users see this message.<br>
<br>
<cfscript>
if (IsUserInRole("admin"))
WriteOutput("Users in the admin role see this message.<br><br>");
if (IsUserInRole("user"))
WriteOutput("Everyone in the user role sees this message.<br><br>");
</cfscript>
</body>
</html>
The following table describes the securitytest.cfm page CFML code and its function:
| Code | Description |
|---|---|
<cfoutput> <h2>Welcome #GetAuthUser()#!</h2> </cfoutput> |
User is already logged in by Application.cfc. Displays a welcome message that includes the user's login ID. |
ALL Logged-in Users see this message.<br> <br> |
Displays this message in all cases. The page does not display until a user is logged in. |
<cfscript>
if (IsUserInRole("admin"))
WriteOutput("Users in the admin role
see this message.<br><br>");
if (IsUserInRole("user"))
WriteOutput("Everyone in the user role
sees this message.<br><br>");
</cfscript>
|
Tests whether the user belongs to each of the valid roles. If the user is in a role, displays a message with the role name. The user sees one message per role to which the user belongs. |