I have to create a web service in ColdFusion. I have tried the below 2 ways. Can anyone help me to find which one is the best way (Both Performance and security enhancement basis)
First Way
Created a cfm page like below;
<cfset result = StructNew() />
<cfset resultStruct = StructNew() />
<cfset validStruct = StructNew() />
<cfset VARIABLES.Sample = CreateObject("component","main.webservice.Sample")>
<cfif NOT isDefined("URL.method")>
<cfset result['status'] = false >
<cfset result['message'] = 'method is missing' />
<cfoutput>#SerializeJSON(result)#</cfoutput>
<cfabort>
</cfif>
<cfswitch expression="#URL.method#">
<cfcase value="get">
<cfset fieldList = "name">
<cfset validStruct = validate(fieldList) />
<cfif validStruct['status']>
<cfset resultStruct = VARIABLES.Sample.get(argumentCollection=URL) />
</cfif>
<cfoutput>#SerializeJSON(resultStruct)#</cfoutput>
<cfbreak>
</cfcase>
<cfcase value="put">
<cfset fieldList = "name,value">
<cfset validStruct = validate(fieldList) />
<cfif validStruct['status']>
<cfset resultStruct = VARIABLES.Sample.put(argumentCollection=URL) />
</cfif>
<cfoutput>#SerializeJSON(resultStruct)#</cfoutput>
<cfbreak>
</cfcase>
<cfdefaultcase>
<cfset result['status'] = false >
<cfset result['message'] = 'Not a valid method' />
<cfoutput>#SerializeJSON(result)#</cfoutput>
<cfbreak>
</cfdefaultcase>
</cfswitch>
And Created a cfc named 'Sample' under webservice folder and called like above.
WebService URL
http://test.com/webservice/Sample.cfm?method=get&name=test
Second Way
Called directly from the CFC Sample
Sample.CFC
<cfcomponent displayname="Sample" hint="Sample WebService" output="false">
<cffunction name="get" access="remote" returntype="struct" returnformat="json">
<cfargument name="name" required="true" type="string" >
<cfreturn StructNew() />
</cffunction>
<cffunction name="put" access="remote" returntype="struct" returnformat="json">
<cfargument name="name" required="true" type="string" >
<cfargument name="value" required="true" type="string" >
<cfreturn StructNew() />
</cffunction>
</cfcomponent>
WebService URL
http://test.com/webservice/Sample.CFC?method=get&name=test
The second method is the standard way to do WebServices in CFML. Along with the functionality, you are seeking you get standards based WSDL returns and definitions. It's a case of rebuilding the wheel. I'm sure the underlying CF code for ws could be optimized, but it's pretty good as is and has been field-tested by millions.
I would suggest setting up RESTful web services in ColdFusion. Here is an excellent article to get you started.
There's also Taffy which claims to make it simpler, although I have not used it.
Related
I have defined a datasource in the admin console of ColdFusion Admin. I have declared the configuration with the same datasource name in set_datasource_util file. I have a webpage that connects to a DB(Oracle) using the datasource given and it works fine most of the time. But lately I am starting to see exceptions like "Variable datasource-name(my app name) is undefined". I am not able to identify the root cause as I am not able to recreate it as it works most of the time. I can say on average on 1000 hits of page, it fails 1 time with that exception. Can anyone help in identifying what could be the possible issue so that I can investigate in that direction.
I have configured WOCD080P_ABC in CFAdmin.
Below is the code from Application.cfm
<cfif client.securityLevel NEQ ''>
<cfinvoke component="#siteroot#.CFC.Set_Data_Source_Util" method="fnSetABCDataSource" returnvariable="ABCDataSourceDefinition">
<cfinvokeargument name="Environment" value="#variables.thisServerType#" />
</cfinvoke>
<cfif ABCDataSourceDefinition.DataSource NEQ 'Error'>
<cfset DATASOURCE_ABC = ABCDataSourceDefinition.DataSource />
<cfset DBUSER_ABC = ABCDataSourceDefinition.DBUser />
<cfset DBPASSWORD_ABC = ABCDataSourceDefinition.DBPassword />
</cfif>
</cfif>
Below is the code from Set_datasource_UTil :
<cffunction name="fnSetABCDataSource" access="public" returntype="struct">
<cfargument name="Environment" type="string" required="yes">
<cfset ReturnParameters = StructNew() />
<cfif Environment IS 'prod'>
<cfset ReturnParameters.DataSource = 'WOCD080P_ABC' />
<cfset ReturnParameters.DBUser = ''/>
<cfset ReturnParameters.DBPassword = '' />
<cfelse>
<cfset ReturnParameters.DataSource = 'WOCD080T_ABC'/>
<cfset ReturnParameters.DBUser = ''/>
<cfset ReturnParameters.DBPassword = '' />
</cfif>
<cfreturn ReturnParameters>
</cffunction>
Below is the code which i am executing from HTML file.
<cfinvoke component="#siteroot#.cfc.ABC_UTIL" method="GetRegion" returnVariable = "USregion" >
<cfinvokeargument name="dbSource" value=#DATASOURCE_ABC# />
<cfinvokeargument name="dbUser" value=#DBUSER_ABC# />
<cfinvokeargument name="dbPass" value=#DBPASSWORD_ABC# />
</cfinvoke>
The code in the HTML file works most of the time but breaks sometime with error Variable DATASOURCE_ABC not defined.
Any help appreciated.
Please ensure you are using the var keyword for local variables inside of CFC Functions:
<cfset var ReturnParameters = StructNew() />
CF9+ local scope can be used in lieu of var:
<cfset local.ReturnParameters = StructNew() />
For extra protection, improve this statement in your application.cfm:
<cfif isDefined("ABCDataSourceDefinition.DataSource")
AND ABCDataSourceDefinition.DataSource NEQ 'Error'>
<cfset DATASOURCE_ABC = ABCDataSourceDefinition.DataSource />
<cfset DBUSER_ABC = ABCDataSourceDefinition.DBUser />
<cfset DBPASSWORD_ABC = ABCDataSourceDefinition.DBPassword />
</cfif>
Also, the could be another source of why a datasource is not being defined. I assume you have an interceptor that catches that before this datasource error occurs and sends them to a login page or something.
I was wondering if there is any strings centralization in ColdFusion similar to Android strings.xml file.
So, that my code remains intact if i want to do any changes in string
ColdFusion is a programming language, not a user interface framework.
There is nothing like Android's string resource management built into ColdFusion, but it would be very easy to implement that yourself.
resources/strings.xml:
<!-- keep as a structure with unique element names -->
<strings>
<heading>This is a test.</heading>
<greetings>
<hello>Hello World!</hello>
<bye>Goodbye World!</bye>
</greetings>
</strings>
ColdFusion utility function (for example in a CFC component util.cfc):
<cffunction name="ReadResouceXml" returntype="struct" access="public" output="no">
<cfargument name="path" type="string" required="yes">
<!--- internal use argument --->
<cfargument name="xmlDoc" type="xml" required="no">
<cfset var xmlElem = "">
<cfset var output = StructNew()>
<!--- read XML file from disk --->
<cfif not StructKeyExists(arguments, "xmlDoc")>
<cffile action="read" file="#ExpandPath(path)#" variable="xmlDoc" charset="UTF-8">
<cfset xmlDoc = XmlParse(xmlDoc).XmlRoot>
</cfif>
<!--- recursively convert XML to a CF struct --->
<cfloop index="i" from="1" to="#ArrayLen(xmlDoc.XmlChildren)#">
<cfset xmlElem = xmlDoc.XmlChildren[i]>
<cfif ArrayLen(xmlElem.XmlChildren) gt 0>
<cfset output[xmlElem.XmlName] = ReadResouceXml("", xmlElem)>
<cfelse>
<cfset output[xmlElem.XmlName] = xmlElem.XmlText>
</cfif>
</cfloop>
<cfreturn output>
</cffunction>
Coldfusion usage:
<cfobject type="component" name="util" component="util">
<cfset strings = util.ReadResouceXml("resources/strings.xml")>
<cfoutput>
<h1>#strings.heading#</h1>
#strings.greetings.hello# - #strings.greetings.bye#
</cfoutput>
I am trying to write a session helper and facing to problem to test if a Struct key in session exists?
I am trying like
<cffunction name="Exists" access="public" output="false" returntype="boolean" >
<cfargument name="Key" required="true" type="Any" />
<cfreturn Evaluate( "StructKeyExists( Session, #Arguments.Key# )" ) />
</cffunction>
Where I am calling the function like
<cfif Exists("data.fromdate") >
...
</cfif>
How should I write it?
Thanks
if you are checking to see if key "Test" exists in the session struct, try something like this:
<cffunction name="Exists" access="public" output="false" returntype="boolean" >
<cfargument name="Key" required="true" type="String" />
<cfreturn StructKeyExists(session, arguments.Key) />
</cffunction>
<cfif Exists("Test") >
....
</cfif>
Another concept, or two, since you are looking for a struct within the session would be:
<cffunction name="Exists" access="public" output="false" returntype="boolean" >
<cfargument name="Key" required="true" type="String" />
<cfreturn (structKeyExists(session, listFirst(arguments.Key,"."))
AND structKeyExists(session[listFirst(arguments.Key,".")], listLast(arguments.Key, "."))) />
</cffunction>
<cfif Exists("data.Test") >
....
</cfif>
and
<cffunction name="Exists" access="public" output="false" returntype="boolean" >
<cfargument name="struct" required="true" type="String" />
<cfargument name="Key" required="true" type="String" />
<cfreturn (structKeyExists(session, arguments.struct)
AND structKeyExists(session[arguments.struct], arguments.key)) />
</cffunction>
<cfif Exists("data", "Test") >
....
</cfif>
Hope all this helps point you in the right direction, good luck!
The following code will check any depth struct, and also correctly locks the Session scope.
<cffunction name="Exists" access="public" output="false" returntype="boolean">
<cfargument name="Key" required="true" type="string">
<cfset local.mainKeyList = ListChangeDelims(ListDeleteAt(Arguments.Key, ListLen(Arguments.Key, "."), "."), ",", ".")>
<cfset local.StructChain = "Session">
<cfloop list="#local.mainKeyList#" index="local.CurrentKey">
<cfset local.StructChain &= '["#local.CurrentKey#"]'>
</cfloop>
<cflock scope="session" type="readonly" timeout="3">
<cftry>
<cfset local.Exists = StructKeyExists(Evaluate(local.StructChain), ListLast(Arguments.Key, "."))>
<cfcatch>
<cfset local.Exists = false>
</cfcatch>
</cftry>
</cflock>
<cfreturn local.Exists>
</cffunction>
<cflock scope="session" type="exclusive" timeout="3">
<cfset Session.data.log.deep = "I'm here!">
</cflock>
<cfoutput>#Exists("data.log.deep")#</cfoutput>
Hopefully the amount of code in this function will justify why a helper function would be useful, to those pondering your reasons. This doesn't currently, but could be enhanced to, deal with Structs inside of Arrays as well. This also doesn't deal with an empty Arguments.Key, or fail gracefully on a cflock timeout, but should get you started.
Additionally, those that want to comment that cflock isn't required, please read the ColdFusion cflock docs first.
Simplified, but may provide inaccurate results in extremely rare conditions
Doing an IsDefined inline in your code will provide the opportunity for false positives, however having the IsDefined inside a udf or cfc method reduces this risk greatly to the point it may not need be a consideration. If you're happy to take that chance then you can simplify the function using IsDefined as Peter Boughton suggests.
<cffunction name="Exists" access="public" output="false" returntype="boolean">
<cfargument name="Key" required="true" type="string">
<cflock scope="session" type="readonly" timeout="3">
<cfset local.Exists = IsDefined("Session." & Arguments.Key)>
</cflock>
<cfreturn local.Exists>
</cffunction>
As Al Everett mentioned above, I don't remember the last time I had an app that didn't have session enabled. I guess if you can't be sure of that, then it makes sense to see if Session exists. My code for this would include:
<!--- in the application.cfc --->
<cffunction name="onSessionStart" output="false">
<!--- default session structure, you can also add default values to the data
structure here to ensure they exist later --->
<cfset session.data = {} />
</cffunction>
<!--- then in code use structKeyExists instead of a whole new function --->
<cfif structKeyExists(session.data, myKey)>
<!--- if you really wanted the "exists" function --->
<cffunction name="dataKeyExists" returntype="boolean" output="false">
<cfargument name="key" required="true" />
<cfreturn structKeyExists(session.data, arguments.key) />
</cffunction>
Depending on what's going on, I might choose to pass in the session to maintain encapsulation. But it doesn't always make sense to be a slave to OO and introduce complexity just for the sake of maintaining a pattern. Passing in the session structure and evaluating the key is really just a big workaround to using the "structKeyExists" function.
I also dislike having a function called "exists" because it tells me nothing about what it's really evaluating. I'd assume a function like that was like "isDefined" and more generic than just testing for a key in a specific structure.
<cfif structkeyexists(session, "data") and structkeyexists(session["data"], key)>
...
</cfif>
Why not just call <cfif isNull(session.data.fromdate)>
If the key data does not exist in session it will not throw, just returns false.
Is there a recommended (and preferably free) way in ColdFusion to access a remote file that is protected by NTLM authentication? The cfhttp tag appears to only support Basic authentication.
This CFX Tag - CFX_HTTP5 - should do what you need. It does cost $50, but perhaps it's worth the cost? Seems like a small price to pay.
Here is some code I found in:
http://www.bpurcell.org/downloads/presentations/securing_cfapps_examples.zip
There are also examples for ldap, webservices, and more.. I'll paste 2 files here so you can have an idea, code looks like it should still work.
<cfapplication name="example2" sessionmanagement="Yes" loginStorage="Session">
<!-- Application.cfm -->
<!-- CFMX will check for authentication with each page request. -->
<cfset Request.myDomain="allaire">
<cfif isdefined("url.logout")>
<CFLOGOUT>
</cfif>
<cflogin>
<cfif not IsDefined("cflogin")>
<cfinclude template="loginform.cfm">
<cfabort>
<cfelse>
<!--Invoke NTSecurity CFC -->
<cfinvoke component = "NTSecurity" method = "authenticateAndGetGroups"
returnVariable = "userRoles" domain = "#Request.myDomain#"
userid = "#cflogin.name#" passwd = "#cflogin.password#">
<cfif userRoles NEQ "">
<cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles="#stripSpacesfromList(userRoles)#">
<cfset session.displayroles=stripSpacesfromList(userRoles)><!--- for displaying roles only --->
<cfelse>
<cfset loginmessage="Invalid Login">
<cfinclude template="loginform.cfm">
<cfabort>
</cfif>
</cfif>
</cflogin>
<!-- strips leading & trailing spaces from the list of roles that was returned -->
<cffunction name="stripSpacesfromList">
<cfargument name="myList">
<cfset myArray=listtoarray(arguments.myList)>
<cfloop index="i" from="1" to="#arraylen(myArray)#" step="1">
<!--- <cfset myArray[i]=replace(trim(myArray[i]), " ", "_")>
out<br>--->
<cfset myArray[i]=trim(myArray[i])>
</cfloop>
<cfset newList=arrayToList(myArray)>
<cfreturn newList>
</cffunction>
This is the cfc that might be of interest to you:
<!---
This component implements methods for use for NT Authentication and Authorization.
$Log: NTSecurity.cfc,v $
Revision 1.1 2002/03/08 22:40:41 jking
Revision 1.2 2002/06/26 22:46 Brandon Purcell
component for authentication and authorization
--->
<cfcomponent name="NTSecurity" >
<!--- Authenticates the user and outputs true on success and false on failure. --->
<cffunction name="authenticateUser" access="REMOTE" output="no" static="yes" hint="Authenticates the user." returntype="boolean">
<cfargument name="userid" type="string" required="true" />
<cfargument name="passwd" type="string" required="true" />
<cfargument name="domain" type="string" required="true" />
<cftry>
<cfscript>
ntauth = createObject("java", "jrun.security.NTAuth");
ntauth.init(arguments.domain);
// authenticateUser throws an exception if it fails,
ntauth.authenticateUser(arguments.userid, arguments.passwd);
</cfscript>
<cfreturn true>
<cfcatch>
<cfreturn false>
</cfcatch>
</cftry>
</cffunction>
<!---
Authenticates the user and outputs true on success and false on failure.
--->
<cffunction access="remote" name="getUserGroups" output="false" returntype="string" hint="Gets user groups." static="yes">
<cfargument name="userid" type="string" required="true" />
<cfargument name="domain" type="string" required="true" />
<cftry>
<cfscript>
ntauth = createObject("java", "jrun.security.NTAuth");
ntauth.init(arguments.domain);
groups = ntauth.GetUserGroups(arguments.userid);
// note that groups is a java.util.list, which should be
// equiv to a CF array, but it's not right now???
groups = trim(groups.toString());
groups = mid(groups,2,len(groups)-2);
</cfscript>
<cfreturn groups>
<cfcatch>
<cflog text="Error in ntsecurity.cfc method getUserGroups - Error: #cfcatch.message#" type="Error" log="authentication" file="authentication" thread="yes" date="yes" time="yes" application="no">
<cfreturn "">
</cfcatch>
</cftry>
</cffunction>
<!---
This method combines the functionality of authenticateUser and getUserGroups.
--->
<cffunction access="remote" name="authenticateAndGetGroups" output="false" returntype="string" hint="Authenticates the user and gets user groups if it returns nothing the user is not authticated" static="yes">
<cfargument name="userid" type="string" required="true" />
<cfargument name="passwd" type="string" required="true" />
<cfargument name="domain" type="string" required="true" />
<cftry>
<cfscript>
ntauth = createObject("java", "jrun.security.NTAuth");
ntauth.init(arguments.domain);
// authenticateUser throws an exception if it fails,
// so we don't have anything specific here
ntauth.authenticateUser(arguments.userid, arguments.passwd);
groups = ntauth.GetUserGroups(arguments.userid);
// note that groups is a java.util.list, which should be
// equiv to a CF array, but it's not right now
groups = trim(groups.toString());
groups = mid(groups,2,len(groups)-2);
</cfscript>
<cfreturn groups>
<cfcatch>
<cfreturn "">
</cfcatch>
</cftry>
</cffunction>
</cfcomponent>
If the code from Brandon Purcell that uses the jrun.security.NTauth class doesn't work for you in cf9 (it didn't for me) the fix is to use the coldfusion.security.NTAuthentication class instead. Everything worked fine for me.
You could try following the guidance here: http://cfsilence.com/blog/client/index.cfm/2008/3/17/ColdFusionSharepoint-Integration--Part-1--Authenticating
Here is what it boils down to you doing:
edit the client-config.wsdd
Change
<transport
name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender">
</transport>
to
<transport
name="http"
pivot="java:org.apache.axis.transport.http.CommonsHTTPSender">
</transport>
In my case I fixed this problem using 'NTLM Authorization Proxy Server'
http://www.tldp.org/HOWTO/Web-Browsing-Behind-ISA-Server-HOWTO-4.html
work fine for me :)
I have been building a list of CFC best practices to share.
There are a numerous of articles out there but I thought it might be neat to get any tricks and tips together here in one place that have been learnt through experience.
I'll add a few links here to get it going but I think the best thing would be not long articles that can be googled.
CFC Best Practices
Macromedia CFC Best Practices
Update: This has been made into a community wiki
O'Reilly's Top Ten Tips for Developing ColdFusion Components
Four quick things:
Get on the CFCDev mailing list (or google groups as it is now).
PDF of a Design Patterns in CFML presentation by Sean Corfield is a good quick read.
http://www.cfdesignpatterns.com has some good stuff with links to quality CFC design articles.
Article on the design patterns in CFML on Rob Brooks-Bilson's Blog .
Prior to using the ColdBox Framework I did not see any posts about using Momentos to capture the properties at that moment; however, now all my beans have a getMomento() and setMomento() method. I would encourage this as a best practice for anyone who needs to pass information from a bean into a DAO other object.
In my tests, getting a momento is much faster than passing the bean and getting the properties. Here is an example:
<cfcomponent name="userBean" output="true" hint="The account bean holds getter/setter information for a user's account.">
<cfproperty name="idUser" required="true" type="string" rules="noZeroLengthString,validEmail" invalidMessage="failed_data_validation_email" hint="Key matching the 'accounts' table.">
<cfproperty name="loginEmail" required="true" type="string" rules="noZeroLengthString,validEmail" invalidMessage="failed_data_validation_email" hint="E-mail address.">
<cfproperty name="password" required="true" type="string" rules="noZeroLengthString,validPassword" invalidMessage="failed_data_validation_password" hint="Password stored in a SHA-512 hash.">
<cffunction name="init" output="false" returntype="userBean" hint="Initalizes the userBean with default values.">
<cfset variables.instance = structNew()>
<cfset variables.instance.IDUser = 0>
<cfset variables.instance.loginEmail = "">
<cfset variables.instance.password = "">
<cfreturn this>
</cffunction>
<!--- SET LOGIN --->
<cffunction name="setLoginEmail" access="public" returntype="void" output="false">
<cfargument name="email" type="string" required="true" />
<cfset variables.instance.loginEmail = trim(arguments.email) />
</cffunction>
<cffunction name="getLoginEmail" access="public" returntype="string" output="false">
<cfreturn variables.instance.loginEmail />
</cffunction>
<!--- ID --->
<cffunction name="setIDUser" access="public" returntype="void" output="false">
<cfargument name="id" type="numeric" required="true" />
<cfset variables.instance.IDUser = arguments.id />
</cffunction>
<cffunction name="getIDUser" access="public" returntype="numeric" output="false">
<cfreturn variables.instance.IDUser />
</cffunction>
<!--- PASSWORD --->
<cffunction name="setPassword" access="public" returntype="void" output="false">
<cfargument name="password" type="string" required="true" />
<cfset var pw = arguments.password>
<cfif len(pw) EQ 0>
<cfset variables.instance.password = "">
<cfelse>
<!---><cfset variables.instance.password = hash(arguments.password, "SHA-512") />--->
<cfset variables.instance.password = arguments.password>
</cfif>
</cffunction>
<cffunction name="getPassword" access="public" returntype="string" output="false">
<cfreturn variables.instance.password />
</cffunction>
<!--- MOMENTO --->
<cffunction name="setMomento" access="public" returntype="void" output="false">
<cfargument name="momento" type="struct" required="true" />
<cfset variables.instance = arguments.momento>
</cffunction>
<cffunction name="getMomento" access="public" returntype="struct" output="false">
<cfreturn variables.instance />
</cffunction>
Cheers,
Aaron Greenlee
My Site
ColdBox Development Best Practices