The Ortus BlogBox

"Ortus: A rise, beginning, coming into being, born, the origin!"



Category Filtering: 'interceptors'


ColdBox Security v2.0.0 Released!

Luis Majano
Sep 27, 2019


We are so excited to release The ColdBox Security Module version 2.0.0. It has been quite a few years since we did a major version of our security module, but it is worth the wait. It is just easier to say we completely rewrote it in modern CFML and introduced modern Security practices, HMVC security to modules, annotation driven security and JWT token services. Never again write API security, we got you covered! We also completelty rewrote the documentation and now we have yet another awesome security book:

install cbsecurity
update cbsecurity

There are just too many things to talk about in this release, so we will just list out the major features and you can visit our docs for the complete rundown of ColdBox Security 2.0.0.


The ColdBox cbsecurity module will enhance your ColdBox applications by providing out of the box security in the form of:

  • A security rule engine for incoming requests
  • Annotation driven security for handlers and actions
  • JWT (Json Web Tokens) generator, decoder and authentication services


  • Ability to have global security rules
  • Ability for modules to add their own security rules and action overrides
  • Ability to distinguish between authentication and authorization issues
  • Annotation driven cascading security for handlers and actions
  • Security rules can exist in:
    • XML File
    • JSON File
    • Database
    • Models
  • The rules can be configured to use regular expressions or simple snippets
  • Can use ColdFusion authentication security
  • Can leverage any custom authentication provider
  • Plug any Authentication service or can leverage cbauth by default
  • Capability to distinguish between invalid authentication and invalid authorization and determine an outcome of the process.
  • Ability to load/unload security rules from contributing modules.
  • Ability for each module to define it's own validator
ColdBox MVC, ColdFusion, Interceptors, News, Releases, Security 0

See the code - How to hook into Hibernate ORM Events easily with CBORM and ColdBox

Gavin Pickin
Aug 15, 2017


In my last post, I talked about How to hook into Hibernate ORM Events easily with CBORM and ColdBox. I talked through the what, why, how, but didn't get to the code. So this post, is going to go through the code and give you a real example you could use today to extend ContentBox's core Author module with your own function.

ColdBox MVC, ContentBox CMS, Interceptors, ORM 0

Tip of the Week: Amazing Interception Points

Brad Wood
Sep 23, 2013


One of the most powerful features of ColdBox are interceptors. They follow a publisher/subscriber model that lets you decouple your application code and latch on to keys points in the ColdBox framework. You can create and announce as many custom interception points as you like, but today I want to review the built-in points that the framework provides you.

All it takes is a simple CFC and a line of config code to register a new interceptor, or "listener" that will be invoked any time an interception point is reached that the CFC is listening for. You can run your own auditing, logging, or re-route the request. Please skim through these and keep them in mind as you build your ColdBox applications.

ColdBox MVC, Interceptors, Tutorials 0

Introducing CacheBack - A caching WireBox aspect

Curt Gratz
Feb 01, 2013




A cool annotation based Caching Aspect for WireBox/ColdBox that provides caching without blocking requests during refresh

This interceptor will inspect objects for the 'cacheBack' annotation and if found, it will wrap it in a thread creating cache. This allows the function to be cached without waiting for it to refresh. Inspiration from God and from this library.

This aspect is a self binding
aspect for WireBox that registers itself using the annotations below
You can control the refresh rate for your cache and the timeout in a number of ways
    1) You can add an annotation to your method called refreshRate and timeout
        ie function myFunction() cacheback refreshRate=120 timeout=240 {}
        This will set cache to refresh every 2 mins and timeout every 4 mins.
    2) You can add a settings to your coldbox config called cacheBack.  The setting will be a structure with
       keys of refreshRate and timeout
        cacheBack = {refreshRate=60,timeout=120}
        This will set cache to refresh every 60 secs and timeout every 120 secs.
    3) You can use our default timeouts which are a refresh rate 18 mins and a timeout of 20 mins
All refresh rates and timeouts are in seconds

To activate this aspect you will need to map it in your WireBox binder.  This can be done like below
Then all you need to do is add the annotation cachback to your methods
myFunction() cacheback refreshRate=120 timeout=240 {}

Keep in mind like all things caching, testing and tuning is very important. This can be used in very specific scenarios when you want to keep cache refreshing, but don't want users to wait for the refresh.

The GitHub repo is available at

You can also download from our ForgeBox

Hope you enjoy.


CacheBox, ColdBox MVC, Interceptors, WireBox 1

Using Custom Interception Points in ColdBox

Curt Gratz
Dec 02, 2010


This is a brief tutorial on how to use custom interception points in ColdBox.  It shows what I think is a nice use case and hopefully will inspire you get your own creative juices flowing.

ColdBox Custom Interception Points - How To from Curt Gratz on Vimeo.

Again, think outside the box, be creative, and let your development flow.  I would love to hear other creative ways ColdBox users are using custom interception points, so if you use them and can share, leave a comment.

If you having trouble viewing the code on the embedded version, click the HD link and it will be much clearer.

ColdBox MVC, Community, Interceptors, Training, Tutorials, Tutorials, Tutorials 2

GroovyLoader 2.0 Released

Luis Majano
Jun 05, 2009


After some great conversations in the ColdBox forums, I got inspired and whipped up our next version of our GroovyLoader project, part of our projects pack that you can find in our extras download.  This version includes several updates like it sports a new interceptor called GroovyStarter that you can configure in your coldbox.xml and the entire groovy environment will wrap itself and become available in any coldbox app.  Not only that, but now you can also add any amount of java library locations and the plugin will java load them at startup into your application.  These libraries can be Spring, Hibernate, Apache Commons, etc.  And to top it off, we also added the ability to groovy load one or more paths to the loader.  Before you had to configure the groovy class path to one single location where groovy scripts/classes could be found.  Now you can do as many as you like and the loader will try to find it in any of those locations.  Pretty Snazzy!! Finally, what good is a project without documentation, so we now have the project fully documented: For those that do not know what you can do with ColdBox's GroovyLoader project, here is a simple list:
  • script in groovy in any part of the coldbox lifecycle using <groovy:script> tags
  • binding of variables between the groovy language and coldbox
  • ability to load groovy scripts
  • ability to load groovy classes with complex relationships
  • ability to load java libraries alongside groovy classes
  • no need to tweak the server or configure the server for operation
  • much more...
Look how hard it is to add groovy language support to a ColdBox App: /${Setting: AppMapping not found}/model/groovy /${Setting: AppMapping not found}/model/lib
ColdBox MVC, Interceptors, News, Plugins, Releases 1

SES Routing Hidden Gem: Route Variables

Luis Majano
Apr 15, 2009


When using ColdBox's SES routing mechanisms you will come to a point where you would like to create variables depending on when a specific route matches or not.  You can do so very easily by using the argument called matchVariables, which is a simple string of name-value pairs you want to create in the request collection (This was added in version 2.6.3).  However, a hidden feature that we just documented that has been enabled since version 2.6.0, is that you can also pass named arguments to the addCourse() method and have them created on the request collection when the route matches.  This makes it much much easier to create simple or complex variables than a simple string of name-value pairs.

Example using matchVariables:

That route will create the spaceUsed,foundAt variables in the request collection when the route matches. However, let's see how easy it is to do it using by convention name-value pairs in the method. I just added the foundAt,internalNamespace, and HashMap variables just by adding them as virtual arguments. It gets even better if you are running Railo because you can use implicit Array/Structure notation to create very complex variables. Again, this is now a documented feature in the wiki, so enjoy.
ColdBox MVC, Interceptors, Tutorials 1

Code Depot updates, new plugin and interceptor

Luis Majano
Jan 14, 2009


Dutch Rapley has contributed two nice additions, a POST method plugin and a form inspector interceptor. Please check them out here in our code depot.
ColdBox MVC, Community, Interceptors, Plugins 0

ColdBox and SES, its here!!

Luis Majano
Oct 15, 2008


Well, the last piece of the puzzle is complete and ready for testing, SES support via ColdCourse.

ColdBox MVC, Interceptors, News 8

SES interceptor update for ColdBox 2.5.1

Luis Majano
Oct 15, 2008


Matt Quackenbush submitted this unusual behavior a few days ago and I was finally able to reproduce and fix today. Here is his excerpt:

If I browse to http://localhost/myApp/index.cfm/main/dspHome (or any other explicitly-called event), everything is good to go. However, if I browse to http://localhost/myApp/ or http://localhost/myApp/index.cfm, an exception is thrown that says: The event handler: index.cfm.dspHome is not valid registered event.
ColdBox MVC, Interceptors, Tutorials 1