CFIMPERSONATE gives ColdFusion developers a way to execute a segment of code CFIMPERSONATE is useful when you want to briefly grant a type of access that you'd normally withold. Suppose you're an internet service provider (ISP) who hosts ColdFusion development services. You provide a set of custom tags that let your customers add features like hit counters, guest books, and message boards to the ColdFusion applications they create. To provide this type of functionality, you'd also need to provide access to some resources that you'd probably rather keep protected. Using CFIMPERSONATE provides access to these resources in a safe manner by wrapping the functionality in a custom tag. For example, as an ISP, you definitely wouldn't want your customers to access the CFFILE tag on your servers. However, if you provided your customers with a hit counter, you'd need to let them read specific, system-maintained files, in this case, the file that contains number of hits to the customer's homepage. You'd provide the hit-counter in a custom tag that would use the CFFILE tag. To ensure that the custom tag can access the CFFILE tag, it needs a way to impersonate a trusted user while the tag is executing and then to revert back to the non-trusted user once the trusted piece of code has completed execution.
The CFIMPERSONATE tag has the following required attributes:
In addition, CFIMPERSONATE has one optional attribute:
The following example reads a protected file because the ColdFusion user "pfoley" has been granted access to the file by the security context "MyContext." If the user cannot be authenticated, ColdFusion throws a SECURITY exception.
<CFIMPERSONATE SECURITYCONTEXT="MyContext" USERNAME="pfoley" PASSWORD="admin" TYPE= "CF" THROWONFAILURE= "Yes"> <CFFILE FILE="#readFile#" ACTION="read" VARIABLE="text"> <CFOUTPUT> The file contains the following text:<BR>#text#<BR> </CFOUTPUT> </CFIMPERSONATE>