> Sounds like reuse by inheritance, which is considered a bad practice. > See Sean's blog for recent comments in that regard.
Thanks, Matt. Since my post yesterday, I have seen the light and have since moved away from a Security.cfc as a super for all my facades. However, my problem still exists when I attempt to perform the authentication in the pseudo-constructor of each individual facade. The problem is calling getHTTPRequestData() from *any* pseudo-constructor area, not just super-level. (See previous message for problem with the same code in Application.cfm.) > I don't believe HTTP request data is available to you when a CFC is > invoked as a web service. This is because Axis is actually handling the > request and response. But if the function is called from within a method body (and the method wasn't called from the pseudo-constructor), then I get the request header data fine. So you might be quite correct in that the request header shouldn't be available at all, but it *is* available from within a method, called directly by the request. > Do using cflogin actually work? No. Similar problem, whether using cflogin from the pseudo-constructor or in Application.cfm. This makes me wonder how the heck anyone is able to secure their web services, outside of running an authentication inside every method, and adding a username and password argument to each and every method. Is no one actually using CFCs to publish web services? NAT ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the word 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
