views:

1315

answers:

4

I've exposed several web services in our product using java and WS-Security. One of our customers wants to consume the web service using Coldfusion. Does coldfusion support ws-security? Can I get around it by writing a java client and using that in coldfusion?

(I don't know much about coldfusion).

+1  A: 

I've never done any ws-security, and don't know if ColdFusion can consume it or not, but to answer your secondary question:

Can I get around it by writing a java client and using that in coldfusion?

Yes, absolutely. ColdFusion can easily use Java objects and methods.

Peter Boughton
+4  A: 

I'm assuming you mean you need to pass the security in as part of the SOAP header. Here's a sample on how to connect to a .Net service. Same approach should apply w/ Java, just the url's would be different.

<cfset local.soapHeader = xmlNew()>
<cfset local.soapHeader.TheSoapHeader = xmlElemNew(local.soapHeader, "http://someurl.com/", "TheSoapHeader")>
<cfset local.soapHeader.TheSoapHeader.UserName.XmlText = "foo">
<cfset local.soapHeader.TheSoapHeader.UserName.XmlAttributes["xsi:type"] = "xsd:string">

<cfset local.soapHeader.TheSoapHeader = xmlElemNew(local.soapHeader, "http://webserviceUrl.com/", "TheSoapHeader")>
<cfset local.soapHeader.TheSoapHeader.Password.XmlText = "bar">
<cfset local.soapHeader.TheSoapHeader.Password.XmlAttributes["xsi:type"] = "xsd:string">

<cfset theWebService = createObject("webservice","http://webserviceUrl.com/Webservice.asmx?WSDL")&gt;
<cfset addSOAPRequestHeader(theWebService, "ignoredNameSpace", "ignoredName", local.soapHeader, false)>

<cfset aResponse = theWebService.SomeMethod(arg1)>

Hope this is what you needed.

Jason
I'll have to try this out. Thanks!
ScArcher2
A: 

Code update: The code posted above throws errors. Here is the working version:

A: 

I'm doing some research on WS-Secuirty and ColdFusion myself for some time and can definitely say that the above example is not an implementation of WS-Security. Even though a username and password are sent in the header, they are sent in plaintext. Utilizing SSL will help, but WS-Security is a lot more work that just applying this code. ColdFusion natively doesn't support WS-Security, but it can easily use Java objects and methods. There's a package from Apache called WSS4J which does provides means of implementing WS-Security in Java. You can write a wrapper and then utilize it in ColdFusion. I persoanlly was able to do so, however, there needs to be a small configuration change on ColdFusion side which I'm having some problems with.

If anyone can help me out on the configuration part, I'd really appreciate it.

Dmitriy

Dmitriy