Security Files
Each Speck security zone consists of three security configuration files that define the users, groups and roles for the zone. All three files share the same layout.
They each contain an options section, where the source of the security information and other options are set. At the moment, the only supported sources are "file" and "database". Note that Speck does not create database tables for users, groups and roles; the database option exists so that Speck can be integrated with an existing user database.
Each file must also contain a section for the defined source and can contain sections for other sources if for example one source is used during application testing and another when the application is deployed. For an example security zone, have a look at the sydneyjabiru files in /webapps/speck/config/security.
Where the source is file, a setting is added for each user, group or role (depending on the security file). In the users file, each setting is a user and each value is a list containing the user's full name, password and (optionally) email address, e.g.

```ini
mwoods=Mark Woods,yerman,mark@thickpaddy.com
```
Note that the passwords are plain text in the sydneyjabiru files, but encrypted passwords can also be used; see the Password Encryption section for more info on this.
In the groups file, each setting is a group and each value is a list of users. In the roles file, each setting is a role and each value is a list of accessors. An accessor can be either a user or a group, so users can be explicitly listed as having a role, or they can be members of a group that has that role.
For security configuration files where the source is database, there must be a database section with settings containing information about the datasource and the SQL queries required for obtaining user, group or role information. There are three datasource-related settings, which are common to the database section in all three security files.
| Setting | Required | Description |
|---|---|---|
| datasource | No | The datasource to use when executing queries to read user information. Defaults to value of codb application setting. |
| Username | No | Datasource username. Default "". |
| Password | No | Datasource password. Default "". |
The SQL queries required differ depending on whether the file contains information about users, groups or roles.
Note: Speck assumes that an opening square bracket indicates the start of a section, whether or not the opening square bracket is the first character on a new line. This means you cannot use square brackets to quote identifiers in your SQL. If you need to quote an identifier, use double quotes rather than square brackets.
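As an added example (not part of Speck or of the sydneyjabiru files), the following Python reads file-source users, groups and roles files in the layout described above, resolves whether a user holds a role directly or through a group, and shows why the square-bracket note matters for SQL values in a database section. The file contents, user names and queries are constructed for the example.

```python
# Constructed sample zone files in the layout the page describes (not the
# sydneyjabiru files); passwords are plain text, as the page says is allowed.
USERS_FILE = "[options]\nsource=file\n[file]\nmwoods=Mark Woods,yerman,mark@thickpaddy.com\njsmith=Jane Smith,s3cret\n"
GROUPS_FILE = "[options]\nsource=file\n[file]\nadmins=mwoods\neditors=mwoods,jsmith\n"
ROLES_FILE = "[options]\nsource=file\n[file]\npublish=editors\nconfigure=admins,jsmith\n"
# A database-source users file quoting an identifier with [brackets] vs double quotes.
BRACKET_SQL = "[options]\nsource=database\n[database]\nuserget=SELECT fullname, password FROM [user] where user=%\n"
QUOTED_SQL = BRACKET_SQL.replace("[user]", '"user"')

def parse_zone_file(text):
    """Parse a security file into {section: {setting: value}}.
    Mirrors the documented quirk: a '[' anywhere on a line starts a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if "[" in line:  # section header, wherever the '[' sits on the line
            current = line[line.index("[") + 1:].split("]", 1)[0]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # values may themselves contain '='
            sections[current][key.strip()] = value.strip()
    return sections

def active_settings(text):
    """Return the section selected by the options/source setting."""
    data = parse_zone_file(text)
    return data.get(data["options"]["source"], {})

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def user_has_role(users, groups, roles, user, role):
    """An accessor is a user or a group, so check both paths."""
    if user not in users or role not in roles:
        return False
    for accessor in split_list(roles[role]):
        if accessor == user:
            return True
        if accessor in groups and user in split_list(groups[accessor]):
            return True
    return False

def sql_setting_survives(text):
    """True if the userget query is still present after parsing."""
    return "userget" in active_settings(text)

USERS, GROUPS, ROLES = [active_settings(f) for f in (USERS_FILE, GROUPS_FILE, ROLES_FILE)]
```

With the bracket-quoted query, parsing creates a bogus "user" section and the userget setting is lost, which is exactly the failure the note above warns about.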
User queries:
| Setting / Query | Required | Description |
|---|---|---|
| userlist | Yes | SQL to return a query containing a list of all users. The query columns returned must be user, fullname, password and email. The email column is optional. e.g. "SELECT user, fullname, password, email FROM users" |
| userget | Yes | SQL to return a query containing information for a particular user. The query columns returned must be named fullname, password and email. The email column is optional. A % character must be included in the value, which will be replaced by the username in question before the query is executed. e.g. "SELECT fullname, password, email FROM users where user=%" |
Group queries:
| Setting / Query | Required | Description |
|---|---|---|
| grouplist | Yes | SQL to return a query containing a list of all groups. The query returned must contain a group column. e.g. "SELECT group FROM groups" |
| groupusers | Yes | SQL to return a query with all the members of a group. The query returned must contain a user column. A % character must be included in the value, which will be replaced by the group in question before the query is executed. e.g. "SELECT user FROM usergroup where group=%" |
| usergroups | Yes | SQL to return a query with all the groups a user is a member of. The query returned must contain a group column. A % character must be included in the value, which will be replaced by the user in question before the query is executed. e.g. "SELECT group FROM usergroup where user=%" |
Role queries:
| Setting / Query | Required | Description |
|---|---|---|
| roleslist | Yes | SQL to return a query containing a list of all roles. The query returned must contain a role column. e.g. "SELECT role FROM roles" |
| roleaccessors | Yes | SQL to return a query with all the accessors who have a specific role. The query returned must contain an accessor column. A % character must be included in the value, which will be replaced by the role in question before the query is executed. e.g. "SELECT accessor FROM roleaccessor where role=%" |
| accessorroles | Yes | SQL to return a query with an accessor's roles. The query returned must contain a role column. A % character must be included in the value, which will be replaced by the accessor in question before the query is executed. e.g. "SELECT role FROM roleaccessor where accessor=%" |