Adobe COLDFUSION 9 Manual page 1116

DEVELOPING COLDFUSION 9 APPLICATIONS
Using Web Elements and External Objects
To publish CFCs as document-literal style web services, specify
other attributes required for document-literal style web services. For example, ColdFusion publishes the following
CFC using document-literal style:
<cfcomponent style="document" >
<cffunction
name = "getEmp"
returntype="string"
output = "no"
access = "remote">
<cfargument name="empid" required="yes" type="numeric">
<cfset var fullname = "">
<cfquery name="empinfo" datasource="cfdocexamples">
SELECT emp_id, firstname, lastname
FROM employee
WHERE emp_id = <cfqueryparam cfsqltype="cf_sql_integer"
value="#arguments.empid#">
</cfquery>
<cfif empinfo.recordcount gt 0>
<cfset fullname = empinfo.lastname & ", " & empinfo.firstname>
<cfelse>
<cfset fullname = "not found">
</cfif>
<cfreturn #fullname#>
</cffunction>
</cfcomponent>
Securing your web services
You can restrict access to your published web services to control the users allowed to invoke them. You can use your
web server to control access to the directories containing your web services, or you can use ColdFusion security in the
same way that you would to control access to any ColdFusion page.
To browse the HTML description of a CFC file, you request the file by specifying a URL to the file in your browser. By
default, ColdFusion secures access to all URLs that directly reference a CFC file, and prompts you to enter a password
upon the request. Use the ColdFusion RDS password to view the file.
To disable security on CFC file browsing, use the ColdFusion Administrator to disable the RDS password.
For more information, see "Building and Using ColdFusion
Using your web server to control access
Most web servers, including IIS and Apache, implement directory access protection using the basic HTTP
authentication mechanism. When a client attempts to access one of the resources under a protected directory, and has
not properly authenticated, the web server automatically sends back an authentication challenge, typically an HTTP
Error 401 Access Denied error.
In response, the client browser opens a login prompt containing a user name and password field. When the user
submits this information, the browser sends it back to the web server. If authentication passes, the web server allows
access to the directory. The browser also caches the authentication data as long as it is open, so subsequent requests
automatically include the authentication data.
Web service clients can also pass the user name and password information as part of the request. The
includes the and
user name
authentication. You can include these attributes when invoking a web service, as the following example shows:
attributes that let you pass login information to a web server using HTTP basic
password
Last updated 8/5/2010
cfcomponent style="document"
Components" on page 177.
1111
, along with the
tag
cfinvoke