726
Chapter 32: Using Web Services
Securing your web services
You can restrict access to your published web services to control the users allowed to invoke them.
You can use your web server to control access to the directories containing your web services, or
you can use ColdFusion security in the same way that you would to control access to any
ColdFusion page.
Controlling access to component CFC files
To browse the HTML description of a .cfc file, you request the file by specifying a URL to the file
in your browser. By default, ColdFusion secures access to all URLs that directly reference a .cfc
file, and prompts you to enter a password upon the request. Use the ColdFusion RDS password
to view the file.
To disable security on .cfc file browsing, use the ColdFusion MX Administrator to disable the
RDS password.
For more information, see
Chapter 11, “Building and Using ColdFusion Components,”
on page 219
.
Using your web server to control access
Most web servers, including IIS and Apache, implement directory access protection using the
basic HTTP authentication mechanism. When a client attempts to access one of the resources
under a protected directory, and has not properly authenticated, the web server automatically
sends back an authentication challenge, typically an HTTP Error 401 Access Denied error.
In response, the client’s browser opens a login prompt containing a username and password field.
When the user submits this information, the browser sends it back to the web server. If
authentication passes, the web server allows access to the directory. The browser also caches the
authentication data as long as it is open, so subsequent requests automatically include the
authentication data.
Web service clients can also pass the username and password information as part of the request.
The
cfinvoke
tag includes the
username
and
password
attributes that let you pass login
information to a web server using HTTP basic authentication. You can include these attributes
when invoking a web service, as the following example shows:
<cfinvoke
webservice = "http://some.wsdl"
returnVariable = "foo"
...
username="aName"
password="aPassword"
>
<cfoutput>#foo#</cfoutput>
ColdFusion inserts the username/password string in the
authorization
request header as a
base64 binary encoded string, with a colon separating the username and password. This method
of passing the username/password is compatible with the HTTP basic authentication mechanism
used by web servers.
The ColdFusion MX Administrator lets you predefine web services. As part of defining the web
service, you can specify the username and password that ColdFusion includes as part of the
request to the web service. Therefore, you do not have to encode this information using the
cfinvoke
tag. For information on defining a web service in the ColdFusion MX Administrator,
see
“Configuring web services in the ColdFusion MX Administrator” on page 718
.
Содержание ColdFusion MX
Страница 1: ...Developing ColdFusion MX Applications...
Страница 22: ...22 Contents...
Страница 38: ......
Страница 52: ...52 Chapter 2 Elements of CFML...
Страница 162: ......
Страница 218: ...218 Chapter 10 Writing and Calling User Defined Functions...
Страница 250: ...250 Chapter 11 Building and Using ColdFusion Components...
Страница 264: ...264 Chapter 12 Building Custom CFXAPI Tags...
Страница 266: ......
Страница 314: ...314 Chapter 14 Handling Errors...
Страница 344: ...344 Chapter 15 Using Persistent Data and Locking...
Страница 349: ...About user security 349...
Страница 357: ...Security scenarios 357...
Страница 370: ...370 Chapter 16 Securing Applications...
Страница 388: ...388 Chapter 17 Developing Globalized Applications...
Страница 408: ...408 Chapter 18 Debugging and Troubleshooting Applications...
Страница 410: ......
Страница 426: ...426 Chapter 19 Introduction to Databases and SQL...
Страница 476: ...476 Chapter 22 Using Query of Queries...
Страница 534: ...534 Chapter 24 Building a Search Interface...
Страница 556: ...556 Chapter 25 Using Verity Search Expressions...
Страница 558: ......
Страница 582: ...582 Chapter 26 Retrieving and Formatting Data...
Страница 668: ......
Страница 734: ...734 Chapter 32 Using Web Services...
Страница 760: ...760 Chapter 33 Integrating J2EE and Java Elements in CFML Applications...
Страница 786: ...786 Chapter 34 Integrating COM and CORBA Objects in CFML Applications...
Страница 788: ......
Страница 806: ...806 Chapter 35 Sending and Receiving E Mail...