Reputation: 87167
How do I create a ColdFusion web service client that uses WS-Security?
I've exposed several web services in our product using Java and WS-Security. One of our customers wants to consume the web service using ColdFusion. Does ColdFusion support WS-Security? Can I get around it by writing a Java client and using that in ColdFusion?
(I don't know much about ColdFusion).
Upvotes: 3
Views: 3761
Answers (3)
Reputation: 1125
This is probably more accurate to produce the 'simple' xml soap header. The example above is missing a few lines.
Local['soapHeader'] = xmlNew();
Local['soapHeader']['UsernameToken'] = xmlElemNew(local.soapHeader, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken");
Local['soapHeader']['UsernameToken']['username'] = xmlElemNew(local.soapHeader, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "username");
Local['soapHeader']['UsernameToken']['username'].XmlText = Arguments.szUserName;
Local['soapHeader']['UsernameToken']['username'].XmlAttributes["xsi:type"] = "xsd:string";
Local['soapHeader']['UsernameToken']['password'] = xmlElemNew(local.soapHeader, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "password");
Local['soapHeader']['UsernameToken']['password'].XmlText = Arguments.szPassword;
Local['soapHeader']['UsernameToken']['password'].XmlAttributes["xsi:type"] = "xsd:string";
addSOAPRequestHeader(ws, "ignoredNameSpace", "ignoredName", Local.soapHeader, false);
Upvotes: 2
Reputation: 276
I'm assuming you mean you need to pass the security in as part of the SOAP header. Here's a sample on how to connect to a .Net service. Same approach should apply w/ Java, just the url's would be different.
<cfset local.soapHeader = xmlNew()>
<cfset local.soapHeader.TheSoapHeader = xmlElemNew(local.soapHeader, "http://someurl.com/", "TheSoapHeader")>
<cfset local.soapHeader.TheSoapHeader.UserName.XmlText = "foo">
<cfset local.soapHeader.TheSoapHeader.UserName.XmlAttributes["xsi:type"] = "xsd:string">
<cfset local.soapHeader.TheSoapHeader = xmlElemNew(local.soapHeader, "http://webserviceUrl.com/", "TheSoapHeader")>
<cfset local.soapHeader.TheSoapHeader.Password.XmlText = "bar">
<cfset local.soapHeader.TheSoapHeader.Password.XmlAttributes["xsi:type"] = "xsd:string">
<cfset theWebService = createObject("webservice","http://webserviceUrl.com/Webservice.asmx?WSDL")>
<cfset addSOAPRequestHeader(theWebService, "ignoredNameSpace", "ignoredName", local.soapHeader, false)>
<cfset aResponse = theWebService.SomeMethod(arg1)>
Hope this is what you needed.
Upvotes: 5
Reputation: 112150
I've never done any ws-security, and don't know if ColdFusion can consume it or not, but to answer your secondary question:
Can I get around it by writing a java client and using that in coldfusion?
Yes, absolutely. ColdFusion can easily use Java objects and methods.
Upvotes: 1
Related Questions
- ColdFusion 11 webservice not working with https, works with http
- ColdFusion RESTful web service
- How to consume an authenticated webservice in coldfusion?
- How to secure a webservice CFC for use with AJAX
- Creating secure web services with ColdFusion
- How can I secure ColdFusion CFC Web Services?
- consuming coldfusion webservices
- Unauthorized Sharepoint WSDL from ColdFusion 8
- ColdFusion to access secure web service
- Using Sharepoint web-services with Coldfusion