OK, I'll finish up the webservice wrapper CFC on which I'm working and then look at what's necessary to add the digest password type (currently I just have the text type working) and any other parts of WS-Security that are possible in CF.
The code will work in CF8 and higher, although parts of it will probably work in CF7 (since that's when we got addSoapRequestHeader()). mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ On 5 June 2010 21:15, Phillip Duba <[email protected]> wrote: > > James, I know I will definitely need something like that in the future. > While this project went the .NET route, there are two follow-on projects > that will most likely be needed, one requested by my group, so I know I'll > be working on at least one more integration using WS-Securit. Thanks, > > Phil > > On Sat, Jun 5, 2010 at 8:12 AM, James Holmes <[email protected]> > wrote: > > > > > Coincidentally, I've just finished developing the code necessary to do a > > basic WS-SECURITY call in CF, using standard cf webservices code (i.e. no > > extra Java jars or other external dependencies). > > > > If people need this sort of thing, let me know because I'm thinking of > > starting an open source project to flesh it out. > > > > mxAjax / CFAjax docs and other useful articles: > > http://www.bifrost.com.au/blog/ > > > > > > On 5 June 2010 01:04, Phillip Duba <[email protected]> wrote: > > > > > > > > It did for the pure web services, not for the HTTP Post method (not > > > recommended for production). It was a proof-of-concept under a tight > > > deadline so I didn't have time to follow the web service all the way to > > the > > > conclusion I would need for production. I did find a few blog posts > that > > > got > > > me pointed in the direction I probably needed to go. The specific > > > implementation was the Username Token profile. I eventually got to > > > receiving > > > an error of cannot authorize/validate the username token. It probably > had > > > to > > > do with timestamps and the makeup of the token itself. Again, I just > ran > > > out > > > of time and the project was chosen to be done by another organization > > > internally doing .NET work for which the WS-Security implementation was > > > seamless using MS's WSE library. It wasn't the deciding factor, but it > > was > > > definitely a differentiator, > > > > > > Phil > > > > > > On Fri, Jun 4, 2010 at 12:53 PM, Dan O'Keefe <[email protected]> > > wrote: > > > > > > > > > > > Philip, > > > > > > > > Did you authorization require WS-Security? > > > > > > > > Dan > > > > -------------- > > > > Dan O'Keefe > > > > > > > > > > > > > > > > On Thu, Apr 29, 2010 at 12:13 PM, Phillip Duba <[email protected]> > > > wrote: > > > > > > > > > > Dave, thanks for the response. I've gone to executing the request > > using > > > > > CFHTTP, creating the soap:Header tag and building it as I go > through > > > the > > > > WSE > > > > > spec and examples. I've gotten to the point that I get unauthorized > > so > > > > > that's where I'm at now. I may have to use CFHTTP to do it, but > we'll > > > > see. > > > > > Thanks again, > > > > > > > > > > Phil > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:334326 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
