Building + Consuming

bevyquixoticSecurity

Nov 3, 2013 (3 years and 9 months ago)

79 views

Building + Consuming
WebServices

CF Style

Kevin Penny

MMCP (4.5/5/MX6)

Topics Covered


Uses of Web Services


Advantages of Web Services


Web Service Diagram


Languages of Web Services


Creating Web Services


Accessing Web Services


Securing Web Services


Best Practices


References




Uses
-

Web Services in Action


Remotely lookup Product Inventory on Vendor overseas
on the Web


Create a stock lookup that’s available to a Flash Mobile
application


Create an interface to an already existing application to
share data internally with other systems at a company


Time Card System that may ‘check
-
in’ / ‘check
-
out’
employees in one area of the company maintained at
another Central Location.


Search Term / Search Results interface (i.e. Google)


Others??


Advantages


Old vs. New


Old Method


Form post of an xml file or specific
value(s) as a name/value to a url


The url receives the post and
expects a certain ‘name(s)’ as
input


Processes the input and creates
an XML document that the two
parties agree on


Response is a text/xml document
that the sender receives back and
parses and processes the
response from the XML document.


No Soap


No WSDL


No UDDI


Limited


New Method



(Web Services)


Cfc created in Cold Fusion
<cfcomponent>


Function (method) created to ‘do’
something


<cffunction name=“fn” access =
“remote”>


Parameters can be passed to
function as arguments


<cfargument name=“x”>


WSDL file is Generated
automatically


SOAP message created and
accepted automatically


Returnvalue <Cfreturn> specifies
the value of the response.



Advantages (con’t)


STANDARDS BASED
-

all speaking the same language that’s Industry
Standard


Network/Language/System Neutral


Can be implemented in many different
languages behind the scenes, but can be made accessible via web
services.


WSDL File
-

describes what’s needed in a readable XML format that tells
developers what to call, what to pass in, and what’s expected (if anything)


Self Documenting


Write the code and the Documentation at the same
time.


Publicly Available (optionally)
-

Can be made publicly available in a web
service directory as an API (application programming interface) to your
application or a part of your application (see References area for UDDI)


REUSE
-

you do not have to recreate application logic that someone else
has already created and, therefore, you can build your applications faster



Example


Ask Geeves
…(ripoff

)


Form Post


Web Service Call


Web Service Output


CFAdministrator setup


WSDL
File


ColdFusion Component
Explorer for
generated WSDL File


Languages
-

Your Web Service
Toolkit


You’ll need your…


XML (eXtensible Markup Language) **


WSDL (Web Services Definition Language) *


SOAP (Simple Object Access Protocol)


UDDI (Universal Description, Discovery, and
Integration)


Implementation Language of Choice **


ColdFusion/.Net/Flash/Java etc…


Familiarity with Structures and Arrays is a plus



** Denotes Most Important in the ToolKit for CF Developers

Diagram
-

Path of the Web
Service

Creating Web Services


The CFC Creation


<cfcomponent>


The CFFunction Method/Function


<cffunction>


The Access Method


<cffunction access=“remote”>


The return ‘Datatype’


<cffunction access=“remote” returntype=“string”>


The Code in the cffunction


business logic/database lookup/logging/tracking/permissions


The CFRETURN value

Accessing Web Services


Cfinvoke webservice= *


url to wsdl file on external server


Can be setup in CF Admin (just like a datasource)


Arguments can be passed to the web service as
<cfinvokeargument> or inline (name/value pairs)


Method = xyz The ‘function’ you want to access


Createobject() inside a cfscript to invoke a
webservice


Cfobject tag to call a webservice


All options give the same performance



* deontes my preference


Securing Your Web Services


Providing Access to your Web Service


Methods


Login/Password


Reference Key


Encrypted Keys


Cfid/cftokens


Jsessions etc


IP Restrictions


Bottom Line: however you would secure your
website, you can secure your Web Service

Best Practices


KISS Principle


Basic datatypes are preferred
to complex datatypes


i.e. Strings compared to CFusion Queries


Test before you publish + error trap




if the cfc works prior to publishing it, it should work
afterwards


Caching can/may occur


be prepared for it


Get familiar with One way of creating/consuming
web services and use it (personal preference)

References


ColdFusion Web Services


Beginners Guide


Googles Web Search API


http://api.google.com/GoogleSearch.wsdl



XMethods.com


www.xmethods.com


CFDOCS Online/
Local


UDDI Registry


IBM



The Pragmatic Programmer





Book of the Month