Allows you to impersonate a user defined in a security context defined in Advanced Security. The ColdFusion Application Server enforces all the privileges and restrictions that have been set up for that user with the Advanced Security rules.
<CFIMPERSONATE SECURITYCONTEXT="SecurityContext" USERNAME="Name" PASSWORD="Password" TYPE= "CF" or "OS"> ... HTML or CFML code to execute ... </CFIMPERSONATE>
Required. The security context in which the user should be authenticated. If the impersonation type is "CF ," then you should specify a security context that has already been defined using the ColdFusion Advanced Security Administrator. If the impersonation type is "OS," then you should specify an NT domain as the security context.
Required. The user name of the user you want to impersonate. You can create a rule within ColdFusion Advanced Security to restrict a user from being impersonated within a security context.
Required. The password of the user that you want to impersonate.
Required. The type of impersonation needed. This attribute can have the value - "CF " for impersonation at the application level or "OS" for impersonation at the operating system level. Operating System level impersonation means that the impersonation is of a user known to the operating system. Currently, this type of impersonation is available only for Windows NT and not for UNIX. When this type of impersonation is in effect, the operating system will automatically perform access control for access to any resources managed by the operating system such as files and directories. This is fast, since ColdFusion is not doing any extra checking, the OS is, but the OS is limited since only resources that are protected by the operating systemare protected. For example, the operating system cannot check for resource types such as Application, data sources etc.
CFIMPERSONATE is typically used to run a block of code in a secure mode. For impersonation of type "CF," there is automatic enforcement of access control of ColdFusion resources such as files, data sources, and collections between the start and end tags of CFIMPERSONATE. If CF type impersonation is turned on, the ColdFusion engine enforces the rules and policies specified for the user in the Advanced Security section of the ColdFusion Administrator. Therefore, there is no need to make multiple isAuthorized() calls in the code to protect each resource.
Refer to Administering ColdFusion Server for more information about Advanced Security.
<!--- This example shows the use of CFIMPERSONATE to impersonate a person with the user name Bill and the password BJ4YE.---> <HTML> <HEAD> <TITLE>CFIMPERSONATE Example</TITLE> </HEAD> <BODY> <CFIMPERSONATE SECURITYCONTEXT="testContext" USERNAME="Bill" PASSWORD="BJ4YE" TYPE= "CF"> ... </CFIMPERSONATE> </BODY> </HTML>