Using Custom Plugins and Coldbox

After some head rattle and some wise words from Team Coldbox, they have explained to me that Plugins in Coldbox serve there purpose of ‘enhancing and creating reusability’.

But will soon be able to plug in at certain ‘execution points’. Coldbox and AOP in the next release. Nice!

You may think Coldbox already has a few execution point with the PreHandler/PostHandler methods within the handlers(controller) themselves.
But they are limited to specific handlers.

Coldbox also allows you to designate code at the start and finish of every request using the OnRequestStartHandler RequestEndHandler event defined in your config.xml.
And on a broader level there’s an ApplicationStartHandler available in there to.

Depending on the impact of the plugin placement is for you to decide.

But for an example let’s use the idea of securing our apps. And we have Accounts withe Roles attached to them. The Roles are also tied to individual events and entire handlers depending on access.

So what should you do?

Well, if you want to ‘follow standards’, create a plugin and call it with the OnRequestStartHandler. ‘Don’t throw methods anywhere, make sure they have an identity.’ Keeping in mind encapsilation and trying to avoid dependecy. It’s those OO fundamentals again.

But sometimes its easy to slip.

For example, why not just throw an method into the securityService and call that from the PreHandler in those handlers that have events that need to be secured?

Well for starters, what if the user didn’t have access to run the event, or better yet any of the events in that handler. You could have avoided even calling upon this handler. If you had checked at the beginning of the request using the OnRequestStartHandler you could have deciphered that there was no need to make a call to that handler.

Theres another problem when you check from within the handler. You have created a dependency. That handler now needs that securityService to be there. Not good. If you had to, at least use use a plugin here. The handlers have native access to those with Coldbox. But remember, you could have stopped yourself from even getting this far.

Now let’s tighten things up a bit. Forget about making all these scattered calls to the securityService. Realize the reusability for a security module, and that its nature is that of a ‘plugin’. The purpose is to handle calls to the securityService at some point in the Request Life Cycle, call it an Interceptor. Create yourself a securityInterceptor plugin, and of course there’s a doc for writing a plugin at the

Use this to create a layer between the Coldbox framework and your custom securityService.
Your plugin will be generic enough to be shared with other Coldbox apps, and the app specific code will belong in the service.
So when a change comes along you’re only modifying your service layer.

** I am in the process of cleaning up my code examples for this. So check back in a few. **

Leave a Reply

Your email address will not be published. Required fields are marked *