keep cfcs called as web services instantiated beyond a single request.
Thos CFCs should be exceedingly lightweight and do little more than delegate
to cached CFCs in a shared scope that actually do everything. This is the
architecture you refer to, but it's important that the actual web service
CFC instances are different, and never kept around.
Semantics? Yes. Potentially confusing? Yes. At least it was to me when I
was first trying to figure out how to use WS effectively.
Cheers,
barneyb
> -----Original Message-----
> From: Adrocknaphobia [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 22, 2004 2:40 PM
> To: CF-Talk
> Subject: Re: Web Services
>
> Exactly, however it is possible to keep those cfcs instantied
> if you roll your own architecture to do it.
>
> -adam
>
> > -----Original Message-----
> > From: Barney Boisvert [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 22, 2004 08:17 PM
> > To: 'CF-Talk'
> > Subject: RE: Web Services
> >
> > Web services are only as stateless as the protocol (HTTP)
> makes them.
> >
> > We've used an authentication token, much like a cookie,
> with great success.
> > We also have fairly expensive authentication/authorization
> operations which
> > are greatly streamlined by caching, so it was of great benefit to
> > authenticate as few times as possible.
> >
> > A slightly different point of note is that all web service
> invocations on
> > CFCs happen "statically". In other words, all your web
> service invocations
> > initialaze a brand new CFC instance for each request, call
> a method on the
> > instnace, and then it gets thrown away, never to be used again.
> >
> > Cheers,
> > barneyb
> >
> > > -----Original Message-----
> > > From: Marlon Moyer [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, April 22, 2004 12:27 PM
> > > To: CF-Talk
> > > Subject: Web Services
> > >
> > > I'm trying to experiment with web services and I've already
> > > run into my
> > > first conundrum. It seems that the basic principle of
> web services
> > > dictates a stateless design. So how do you maintain
> security in your
> > > services. Say you have a time sheet program and the flow
> > > goes something
> > > like this:
> > >
> > >
> > >
> > > 1.enter site.
> > >
> > > 2.log into system
> > >
> > > 3.enter new time into system
> > >
> > > 4.review old records.
> > >
> > > 5.edit previous entry
> > >
> > >
> > >
> > > Does this mean that for steps 2 through 5 you'll be sending the
> > > user/password combo so that each call can be authenticated? I've
> > > thought that maybe step 2 could return a connection id
> that you could
> > > sub for the user/password combo.....
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > >
> > > Marlon Moyer, Sr. Internet Developer
> > >
> > > American Contractors Insurance Group
> > >
> > > phone: 972.687.9445
> > >
> > > fax: 972.687.0607
> > >
> > > mailto:[EMAIL PROTECTED]
> > >
> > > www.acig.com
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
