Highlighted

Authorization with LCDS

Avatar

Guest

01-04-2009

I have a flex application and LCDS running on CF8 running on JRun4 on the server.



The flex application authenticates users with LCDS security that in term uses custom-authentication together with Jrun-security to authenticate against a MySQL DB.



I use various data services in LCDS that work together with CFC's to get and set data in my DB.



I would like to do server-side authorization (not authentication) to restrict users based on - for example - their role(s). What would be the best strategy in this setup?



Kind regards.



Alexandro

Replies

Highlighted

Bill_Sahlas

02-05-2009

Hello -

Since you're using CFCs on the backend (server side) you can secure the app there.  Maybe you've already solved this but incase you didn't implement anything yet you can take a look at this link.  You should get familiar with cflogin,

cfloginuser, cflogout, GetAuthUser, IsUserInRole, Securing Applications in Developing ColdFusion MX Applications.

HTH,

Bill Sahlas

LCDS QE