Best Practices


As with many new technologies, architectures, and strategies, Web Services has generated significant hype. The adoption rate for Web Services has grown to the point that it's now becoming clear there is some substance behind the excitement. Unlike many earlier technologies, Web Services has a chance to meet and perhaps even exceed the expectations surrounding it.

Along with the advantages of cross-platform compatibility come some drawbacks. Although the distributed computing environment of Web Services is widely recognized as the way of the future, it carries the baggage of network latency and additional translation time. The actual overhead of running a Web service is not as bad as perceived, but it is a factor for system architects to consider when selecting parts of their systems to expose to the world. Careful testing and optimization can reduce this potential problem significantly. Here are several general principles to consider when programming and architecting Web services:

  • Use Web services only when appropriate. Use ColdFusion Components when interoperability is unnecessary.

  • Use coarse-grained Web services. Do not call the same Web service 10 times on a page. Call it once and use a query of queries to return the granular information for display. Return the appropriate amount of information based on the transaction overhead.

  • Use stateless Web services whenever possible.

  • Limit the use of SSL, because the security feature has a considerable impact on performance. Try to encrypt data whenever possible.

  • Limit the use of complex data types within a Web service when interacting with other platforms.

Another practice, which is highly recommended though not currently supported in ColdFusion MX, is the use of asynchronous Web services.

Synchronous RPC-style operations let you know immediately whether an operation was successful. Performing synchronous operations across multiple processes is an all-or-nothing proposition. The initiating application must wait for the chain of Request-response operations, regardless of its length. When something goes down or a process fails, the application initiating the request must know to take some other course of action. On the other hand, asynchronous messaging allows a process to be concerned only with initiating a request, knowing that it will eventually receive a response asynchronously. This relieves the Web service client from waiting for the invoked operation to respond. The One-way and Solicitation operation types are commonly used with asynchronous Web services. These should be used for performance reasons, when available from Web Services providers, whenever immediate responses are not required.

Error Handling

In the "WSDL" section of this chapter, we briefly mentioned the message name CFCInvokationException that ColdFusion MX creates when generating the WSDL for your Web service. This allows someone who calls a Web service you have written to catch run-time or other errors while their code continues processing without the expected response from your Web service.

Any Web service can throw errors, which may or may not be critical to the page that is calling the service. If you use <cftry> and <cfcatch> or the try, catch <cfscript> equivalents, you can catch CFC, SOAP, and other errors in your application. If you don't catch these errors, they will be displayed in the browser. Unless you're testing the Web service yourself, you probably don't want the error to be written to the screen. Catching errors in ColdFusion MX is not difficult, but it does take some effort. You can catch multiple types of errors that may all require various types of additional processing. You can also specify an error type of any, which acts as a catch-all to the ColdFusion <cfcatch> tag, as shown in Listing 24.18.

Listing 24.22. Sample Use of <cftry><cfcatch> While Invoking a Web Service
 <html> <head>   <title>Where in the world is Sven Svensson?</title>   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <cftry>   <cfinvoke method="HTMLSearchAddress" returnvariable="aString"           webservice=       "http://www.marotz.se/scripts/searchperson.exe/wsdl/ISearchSwedishPerson">     <cfinvokeargument name="fName" value="Sven"/>     <cfinvokeargument name="lName" value="Svensson"/>     <cfinvokeargument name="address" value=""/>     <cfinvokeargument name="zipCode" value=""/>     <cfinvokeargument name="city" value=""/>   </cfinvoke>    <cfcatch type="any">      <cfset astring = "Where in the world is Sven Svensson?">    </cfcatch> </cftry> <cfoutput>#aString#</cfoutput> </body> </html> 

Configuring in ColdFusion Administrator

The ColdFusion Administrator lets you register a Web service with a name and URL. When you reference that Web service later in your code, you won't have to specify the URL for the Web service's WSDL file. Instead, the Web service can be referenced using the name that points to the WSDL's URL. For example, anytime you invoke a Web service registered as ZipCodeWS on a particular server, you reference it as WebService="ZipCodeWS". The URL can then be changed to point to another URL without modifying the invocation code throughout the application. This represents a type of code encapsulation, which could also be done using Application or Request scope variables.

Security

Web services rely on current technologies to implement security. These include SSL, IP filtering, and digital certificates. These techniques address some issues related to Web Services security but are far from comprehensive. A new standards body, the Web Services Interoperability Organization (WSI), is developing specifications for Web Servicesspecific security issues. These comprise a variety of platforms, applications, and programming languages. They include possible Web Services specifications such as HTTP-R, XML Encryption, and XML Digital Signature. ColdFusion Web Services security is usually handled programmatically within ColdFusion Components, but when sensitive data is communicated across HTTP, that may not be enough.

Security concerns may eventually lead to creation of firewalls for specific applications within the enterprises. Under such security policies, the contents of all communications would be inspected, including XML and SOAP messages.

Web Services security is incomplete at best and is clearly in its infancy. Existing methods of securing data and limiting access were not designed with interoperability and performance in mind.



Advanced Macromedia ColdFusion MX 7 Application Development
Advanced Macromedia ColdFusion MX 7 Application Development
ISBN: 0321292693
EAN: 2147483647
Year: 2006
Pages: 240
Authors: Ben Forta, et al

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net