ortus-docs/cbsecurity-docs

Enterprise-grade security for ColdBox applications with authentication, authorization, JWT, CSRF protection, and comprehensive security headers.

Introduction

Enterprise Security for ColdBox Applications

CBSecurity is a comprehensive security framework for ColdBox applications, providing enterprise-grade authentication, authorization, and protection mechanisms. It combines multiple security modules into a cohesive, easy-to-use security platform that helps developers build secure applications with minimal effort.

Security Visualizer - Monitor and configure your security settings

🎯 Core Security Capabilities

CBSecurity provides a multi-layered security approach with the following key capabilities:

🔐 Authentication & Authorization

  • Security Firewall - Rule-based request protection using security rules engine and handler annotations
  • Authentication Manager (cbauth) - Pluggable authentication system compatible with any authentication provider
  • Basic Authentication - Built-in HTTP Basic Auth support with credential storage and browser challenge handling
  • Authorization Service - Functional security API for authorization checks across all application layers

🎫 Token Management

  • JWT Services (jwtcfml) - Complete JSON Web Token implementation with generation, decoding, and validation
  • Access & Refresh Tokens - Native support for JWT-based authentication flows
  • Token Storage - Flexible token storage with multiple backend options

🛡️ Security Protections

  • CSRF Protection (cbcsrf) - Cross-Site Request Forgery protection for form submissions
  • Security Headers - Industry-standard HTTP response headers (CSP, HSTS, X-Frame-Options, XSS Protection)
  • Password Generator - Cryptographically secure random password generation

📊 Management & Monitoring

  • Security Visualizer - Graphical interface for monitoring firewall activity and managing security configurations
  • Rule Engine - Flexible security rules supporting XML, JSON, database, and model-based configurations
  • Module Integration - Allows modules to contribute their own security rules and validation logic

🧩 Module Composition

CBSecurity is built on a modular architecture that integrates several specialized security modules:

CBSecurity Architecture - Module integration with cbstorages for flexible storage

The framework leverages cbstorages for flexible storage backends and seamlessly integrates with the ColdBox ecosystem to provide comprehensive security coverage across your entire application.

⭐ Key Features

📋 Flexible Security Rules

  • Multiple Storage Options - Define rules in XML, JSON, databases, or ColdBox models
  • Regular Expression Support - Use regex patterns or simple string matching for rule definitions
  • Modular Rules - Modules can contribute their own security rules with custom validation logic
  • Dynamic Rule Loading - Load and unload security rules at runtime from contributing modules

🔒 Advanced Authorization

  • Annotation-Driven Security - Secure handlers and actions using ColdBox annotations
  • Cascading Security - Hierarchical security rules from global to handler to action level
  • Functional API - Injectable security service for authorization checks in any application layer
  • Custom Validators - Each module can define its own security validator implementation

🔑 Authentication Flexibility

  • Multiple Authentication Providers - Works with cbauth, ColdFusion native authentication, or custom providers
  • Provider Agnostic - Implements standard interfaces allowing any authentication system integration
  • Basic Authentication - Built-in HTTP Basic Auth with credential storage
  • JWT Token Management - Complete support for JWT access and refresh token workflows

⚡ Security Response Handling

  • Granular Control - Distinguish between authentication failures and authorization denials
  • Customizable Actions - Configure different responses for invalid authentication vs. authorization
  • Event-Driven - Hook into security events for custom logging, monitoring, or response handling

📜 License

CBSecurity is open-source software licensed under the Apache License 2.0.

📚 Resources

📖 Documentation & Support

💬 Getting Help

The ColdBox community is active and ready to help:

  • Community Forum - Ask questions and share knowledge with other developers
  • GitHub Issues - Report bugs and request features
  • Professional Support - Enterprise support available through Ortus Solutions

🏢 Professional Open Source

CBSecurity is professionally developed and supported by Ortus Solutions, Corp, a leader in CFML consulting and development.

🚀 Enterprise Services

Ortus Solutions offers comprehensive professional services for CBSecurity and the ColdBox Platform:

  • 🛠️ Custom Development - Tailored security solutions for your specific requirements
  • 👨‍🏫 Professional Support & Mentoring - Expert guidance from the creators of ColdBox
  • 📚 Training - Official ColdBox and security training programs
  • 🔍 Architecture & Code Reviews - Expert evaluation of your security implementation
  • ⚡ Performance Optimization - Server tuning and application optimization
  • 🔐 Security Hardening - Comprehensive security audits and hardening services

Learn more about our services


🙏 HONOR GOES TO GOD ABOVE ALL

Because of His grace, this project exists. If you don't like this, then don't read it; it's not for you.

"Therefore being justified by faith, we have peace with God through our Lord Jesus Christ: By whom also we have access by faith into this grace wherein we stand, and rejoice in hope of the glory of God." Romans 5:5

About

The official docs for the CB Security module
