Category Selected:



ColdBox Security v2.0.0 Released!

Luis Majano |  September 27, 2019

We are so excited to release The ColdBox Security Module version 2.0.0. It has been quite a few years since we did a major version of our security module, but it is worth the wait. It is just easier to say we completely rewrote it in modern CFML and introduced modern Security practices, HMVC security to modules, annotation driven security and JWT token services. Never again write API security, we got you covered! We also completelty rewrote the documentation and now we have yet another awesome security book:

install cbsecurity
update cbsecurity

There are just too many things to talk about in this release, so we will just list out the major features and you can visit our docs for the complete rundown of ColdBox Security 2.0.0.


The ColdBox cbsecurity module will enhance your ColdBox applications by providing out of the box security in the form of:

  • A security rule engine for incoming requests
  • Annotation driven security for handlers and actions
  • JWT (Json Web Tokens) generator, decoder and authentication services


  • Ability to have global security rules
  • Ability for modules to add their own security rules and action overrides
  • Ability to distinguish between authentication and authorization issues
  • Annotation driven cascading security for handlers and actions
  • Security rules can exist in:
    • XML File
    • JSON File
    • Database
    • Models
  • The rules can be configured to use regular expressions or simple snippets
  • Can use ColdFusion authentication security
  • Can leverage any custom authentication provider
  • Plug any Authentication service or can leverage cbauth by default
  • Capability to distinguish between invalid authentication and invalid authorization and determine an outcome of the process.
  • Ability to load/unload security rules from contributing modules.
  • Ability for each module to define it's own validator
Read More

See the code - How to hook into Hibernate ORM Events easily with CBORM and ColdBox

Gavin Pickin |  August 15, 2017

In my last post, I talked about How to hook into Hibernate ORM Events easily with CBORM and ColdBox. I talked through the what, why, how, but didn't get to the code. So this post, is going to go through the code and give you a real example you could use today to extend ContentBox's core Author module with your own function.

Read More

Tip of the Week: Amazing Interception Points

Brad Wood |  September 23, 2013

One of the most powerful features of ColdBox are interceptors. They follow a publisher/subscriber model that lets you decouple your application code and latch on to keys points in the ColdBox framework. You can create and announce as many custom interception points as you like, but today I want to review the built-in points that the framework provides you.

All it takes is a simple CFC and a line of config code to register a new interceptor, or "listener" that will be invoked any time an interception point is reached that the CFC is listening for. You can run your own auditing, logging, or re-route the request. Please skim through these and keep them in mind as you build your ColdBox applications.

Read More

Introducing CacheBack - A caching WireBox aspect

Curt Gratz |  February 01, 2013



A cool annotation based...

Read More

Using Custom Interception Points in ColdBox

Curt Gratz |  December 02, 2010

This is a brief tutorial on how to use custom interception points in ColdBox.  It shows what I think is a nice use case and hopefully will inspire you get your own creative juices flowing.

ColdBox Custom Interception Points - How To from Curt Gratz on Vimeo.

Again, think outside the box, be creative, and let your development flow.  I would love to hear other creative ways ColdBox users are using custom interception points, so if you use them and can share, leave a comment.

If you having trouble viewing the code on the embedded version, click the HD link and it will be much clearer.

Read More

GroovyLoader 2.0 Released

Luis Majano |  June 05, 2009
After some great conversations in the ColdBox forums, I got inspired and whipped up our next version of our GroovyLoader project, part of our projects pack that you can find in our
Read More

SES Routing Hidden Gem: Route Variables

Luis Majano |  April 15, 2009

When using ColdBox's SES routing mechanisms you will come to a point where you would like to create variables depending on when a specific route matches or not.  You can do so very easily by using the argument called matchVariables, which is a simple string of name-value pairs you want to create in the request collection (This was added in version 2.6.3).  However, a hidden feature that we just documented that has been enabled since version 2.6.0, is that you can also pass na...

Read More

Code Depot updates, new plugin and interceptor

Luis Majano |  January 14, 2009
Dutch Rapley has contributed two nice additions, a POST method plugin and a form inspector interceptor. Please check them out here in our code depot.
Read More

ColdBox and SES, its here!!

Luis Majano |  October 15, 2008

Well, the last piece of the puzzle is complete and ready for testing, SES support via ColdCourse.

Read More

SES interceptor update for ColdBox 2.5.1

Luis Majano |  October 15, 2008

Matt Quackenbush submitted this unusual behavior a few days ago and I was finally able to reproduce and fix today. Here is his excerpt:

If I browse to http://localhost/myApp/index.cfm/main/dspHome (or any other explicitly-called event), everything is good to go. However, if I browse to http://localhost/myApp/ or http://localhost/myApp/index.cfm, an exception is thrown that says: The event handler: index.cfm.dspHome is not valid registered event.
Read More