Web Services Security

Although several competing standards for handling security within the web services framework are under development, as of this writing there is no accepted standard. That said, there are existing technologies you can use to secure access to your web services. ColdFusion supports web service security in two ways: at the web server level, and through ColdFusion’s built-in security framework.

Securing Access Using HTTP Basic Authentication

At the web-server level, you can protect a web service using HTTP Basic Authentication. This is done by restricting access to the directory containing the CFC you want to expose as a web service. For more information on using HTTP Basic Authentication, see Chapter 8, as well as the documentation for your particular web server.

For web services that restrict access based on HTTP Basic Authentication, you can provide a username and password to pass along with the call to the web service in the cfinvoke tag or by registering the web service in the ColdFusion Administrator:

<cfinvoke webservice="http://www.example.com/addressLookup.wsdl"
          returnvariable="myAddress"
          username="username"
          password="password">
  <cfinvokeargument name="userID" value="pmoney">
</cfinvoke>

The username and password values are joined as username:password, Base64-encoded, and passed in the Authorization header to the target server.

Securing Access Using ColdFusion’s Built-in Security Framework

You can control access to your web services at a much more granular level ...
