Taking Advantage of ColdFusion MX’s New Security Framework

Before we get into the new security framework in ColdFusion MX, we need to cover a few important changes from previous versions of ColdFusion. In versions prior to MX, ColdFusion supported a set of Advanced Security services that integrated with an OEM version of Netegrity’s popular SiteMinder security product (Version 3.51 for ColdFusion 4.5.x and Version 4.11 for ColdFusion 5.0) to provide granular control within ColdFusion applications. Advanced Security was a bear to use and a nightmare to administer, to say the least. Macromedia dropped the Advanced Security services in ColdFusion MX in favor of a simpler system that uses Java as the underlying service.

This system makes use of several new tags and functions to provide authentication and authorization functionality in your applications. Additionally, the new system is roles-based, meaning that group-level permissions are inherent in its design. To get an idea of just how this new system works and how it differs from the security framework we built in the previous section, let’s rework our portal application to make use of ColdFusion MX’s built-in security framework. We’ll start by rewriting the authentication piece of the portal.

Authenticating Users

ColdFusion MX supports two different types of authentication: application-based and HTTP (web server)-based. We’ll cover both methods in this chapter, but I’d like to start out with a discussion of application-based ...

Excerpt from Programming ColdFusion MX, 2nd Edition (O’Reilly).