5 Replies Latest reply on Aug 24, 2006 11:20 PM by surkovag

    Securing web service

    surkovag
      Hi!
      I've read a lot of docs about CF web service authentication integration

      If I adding this authentication to web service like this:

      <cfsilent>
      <cfset isAuthenticated = false>
      <cflogin>
      <cfif isDefined("cflogin")>
      <!--- verify user name from cflogin.name and password from
      cflogin.password using your authentication mechanism --->
      </cfif>
      </cflogin>

      <cfif NOT isAuthenticated>
      <!--- If the user does not pass a username/password, return a 401 error.
      The browser then prompts the user for a username/password. --->
      <cfheader statuscode="401">
      <cfheader name="WWW-Authenticate" value="Basic realm=""Test""">
      <cfabort>
      </cfif>
      </cfsilent>

      then it faults while generating WSDL and returns a following error:
      AxisFault faultString: Error attempting to create Java skeleton for CFC web service; nested exception is:
      -----------------------------------------------------------

      If I remove <cfabort> tag then it is possible to generate WSDL for this web service but an error will be like this:

      ------------------------------------------------------------
      AxisFault
      faultString: (401)Unauthorized
      { http://xml.apache.org/axis/}HttpErrorCode:401
      ---------------------------------------------------------------

      From documentation :
      "If the user does not pass a username/password, return a 401 error.
      The browser then prompts the user for a username/password."

      But browser doesn't show any dialog - only message described above!!!

      May be CFC module isn't a right place to put this authentication module?