Develop Coldfusion Web Service


Question

I need to develop/design Coldfusion Web Service which uses few object calls and functions.

  1. What is good source of samples to develop in terms of OOP?
  2. What is best way to secure the web service?
  3. How to authenticate external/internal users, any sample?

FYI, this web service is going to be used by multiple departments.

Thanks, A

Solution

OOP examples are all over the web. I don't have any handy, so I'll skip that part, and go straight to authentication and security.

First, authentication. There are several possible answers depending on what kind of users you are authenticating. For example, if you are authenticating users connecting via a 3rd party tool -- like a desktop or phone app posting to Twitter -- I would say that OAuth is a good solution. There is a good library for both publishing and consuming OAuth integrations at oauth.riaforge.com. If you are looking for something lighter weight, we used a simple token creation scheme for a webservice that was only consumed by partner services. Basically, the partner service sends what amounts to a username and password pair, a token is created with a "last used" timestamp, and every time the webservice interacts after that, we do a check against the token store.

Security is, similarly, very dependent on your end goals. However, there are a few basic principles I've always tried to follow. First, build your basic CFCs as you normally would for constructing your objects. Entry points should be public, helper functions private, etc. This includes building an object to handle whatever authentication model you choose. On top of that, build your public API. These should all simply be access functions. They are called by outside applications, call the security object, then call the appropriate objects and methods to achieve the goal of the call. This way, you never have to bake the security layer into your base functionality calls, but you also have an easy way to include security. Remember, a single API call does not have to reflect a single base call -- you can build more complex routines if needed.

So, to recap.

Authentication

  • OAuth
  • Temporary Token Generation

Security

  • private/public (not remote) base layer
  • private/public (not remote) authentication layer
  • remote API layer
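
A sketch of the token scheme and the three layers described in the answer above, added here as an illustration and not taken from the original answer. The component names, the 20-minute idle limit, the injected `accounts` object with its `verify()` method, and `orderService` are all assumptions; the two components would live in separate `.cfc` files.

```cfml
// TokenStore.cfc: authentication layer, public methods only (nothing remote).
// Added example; names, the idle limit and the injected "accounts" object are assumptions.
component {
    public any function init(required any accounts, numeric idleMinutes = 20) {
        variables.accounts = arguments.accounts;   // hypothetical: exposes verify(partner, password)
        variables.idleMinutes = arguments.idleMinutes;
        variables.tokens = {};                     // token -> { partner, lastUsed }
        return this;
    }
    public string function issue(required string partner, required string password) {
        if (!variables.accounts.verify(arguments.partner, arguments.password)) {
            throw(type="Auth.Denied", message="Invalid credentials");
        }
        // Random token as hex, so case-insensitive struct keys lose nothing.
        var token = hash(generateSecretKey("AES", 256), "SHA-256");
        lock name="partnerTokenStore" type="exclusive" timeout="5" {
            variables.tokens[token] = { partner = arguments.partner, lastUsed = now() };
        }
        return token;
    }
    // Returns the partner for a live token and refreshes "last used"; throws otherwise.
    public string function touch(required string token) {
        lock name="partnerTokenStore" type="exclusive" timeout="5" {
            if (!structKeyExists(variables.tokens, arguments.token)) {
                throw(type="Auth.Denied", message="Unknown token");
            }
            var entry = variables.tokens[arguments.token];
            if (dateDiff("n", entry.lastUsed, now()) >= variables.idleMinutes) {
                structDelete(variables.tokens, arguments.token);
                throw(type="Auth.Denied", message="Token expired");
            }
            entry.lastUsed = now();
            return entry.partner;
        }
    }
}

// PartnerAPI.cfc: remote API layer, the only component with remote methods.
// Assumes onApplicationStart put a TokenStore and a (hypothetical) orderService
// in the application scope.
component {
    remote string function login(required string partner, required string password) {
        return application.tokenStore.issue(arguments.partner, arguments.password);
    }
    remote struct function getOrder(required string token, required numeric orderId) {
        var partner = application.tokenStore.touch(arguments.token);      // security object first
        return application.orderService.getForPartner(partner, arguments.orderId);  // then base layer
    }
}
```

Because the partner name comes back from the token check, the base layer can scope every lookup to the authenticated caller without knowing anything about tokens.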
