We are so excited to release The ColdBox Security Module version 2.0.0. It has been quite a few years since we did a major version of our security module, but it is worth the wait. It is just easier to say we completely rewrote it in modern CFML and introduced modern Security practices, HMVC security to modules, annotation driven security and JWT token services. Never again write API security, we got you covered! We also completelty rewrote the documentation and now we have yet another awesome security book: https://coldbox-security.ortusbooks.com/
There are just too many things to talk about in this release, so we will just list out the major features and you can visit our docs for the complete rundown of ColdBox Security 2.0.0.
The ColdBox cbsecurity module will enhance your ColdBox applications by providing out of the box security in the form of:
- A security rule engine for incoming requests
- Annotation driven security for handlers and actions
- JWT (Json Web Tokens) generator, decoder and authentication services
- Ability to have global security rules
- Ability for modules to add their own security rules and action overrides
- Ability to distinguish between authentication and authorization issues
- Annotation driven cascading security for handlers and actions
- Security rules can exist in:
- XML File
- JSON File
- The rules can be configured to use regular expressions or simple snippets
- Can use ColdFusion authentication security
- Can leverage any custom authentication provider
- Plug any Authentication service or can leverage cbauth by default
- Capability to distinguish between invalid authentication and invalid authorization and determine an outcome of the process.
- Ability to load/unload security rules from contributing modules.
- Ability for each module to define it's own validator