philduba.comRecent Entries
- MangoBlog/Oracle Int...
- OT - Google Maps: In...
- Email Hijacked?
- CFUnited: Refactorin...
- CFUnited: Continuous...
- CFUnited: Prototypin...
- CFUnited: All about ...
- CFUnited: Event Driv...
- CFUnited: Integrated...
- CFUnited: ColdBox Fr...
Popular Entries
- CFUnited: All about ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- CFUnited: Google Web...
- Import/Export in SQL...
- Second Blog CFC Surv...
- Improving Performanc...
Top Commenters
- Nathan Mische (12)
- CFFusionDev (6)
- CFdevfusion (6)
- Peter Bell (4)
- Sean Corfield (3)
- Rey Bango (3)
- Terrence Ryan (3)
- ah7866 (3)
- Scott (2)
- Jim Priest (2)
Slideshows
Dresser/Changing Table...Images related to the lay...
Nursery renovations...
Pool Surprises...
Sponsored Links
Search
Subscribe
Enter your email address to subscribe to this blog.RSS
Tags
cfug cfunited coldfusion flex generalArchives
- Adobe (5) [RSS]
- AIR (6) [RSS]
- ASP.NET (2) [RSS]
- BlazeDS (1) [RSS]
- Books (1) [RSS]
- CFEclipse (5) [RSS]
- CFML (0) [RSS]
- CFUG (26) [RSS]
- CFUnited (23) [RSS]
- ColdFusion (53) [RSS]
- College Football (3) [RSS]
- Conferences (1) [RSS]
- Development Tools (3) [RSS]
- DIY (1) [RSS]
- Eagles (3) [RSS]
- Fireworks (1) [RSS]
- Flash (3) [RSS]
- Flex (10) [RSS]
- Flyers (2) [RSS]
- Frameworks (5) [RSS]
- General (28) [RSS]
- Hockey (2) [RSS]
- Hosting (1) [RSS]
- House (2) [RSS]
- HTML (2) [RSS]
- JavaScript (1) [RSS]
- Jobs (1) [RSS]
- Macromedia (0) [RSS]
- MangoBlog (1) [RSS]
- Misc. (5) [RSS]
- Model-Glue (4) [RSS]
- Navy Football (5) [RSS]
- onair2007Philadelphia (3) [RSS]
- onairbustour (3) [RSS]
- Open Source (0) [RSS]
- Other (2) [RSS]
- Other Sports (4) [RSS]
- Performance (3) [RSS]
- Personal (2) [RSS]
- Phillies (2) [RSS]
- Projects, User Group Manager (1) [RSS]
- Rant (1) [RSS]
- Rants (1) [RSS]
- SAML (6) [RSS]
- Site (1) [RSS]
- Soccer (4) [RSS]
- SQL Server (2) [RSS]
- Transportation (1) [RSS]
- Wedding (2) [RSS]
AGGREGATORS
SAML and ColdFusion Part 4 : Setting Up the Library
Posted On April 26, 2007 7:00 AM By Phil in SAML,ColdFusion
So far in this series, I have talked about what SAML is, what makes up and Assertion and what XML Digital Signatures are. Now, it is time to actually get into an implementation using ColdFusion. Unfortunately, a pure ColdFusion solution is unattainable due to the limitations of XML manipulation and the lack of native XML Signature components in its supported JRE (1.4.whatever). As a result, I did a lot of research on the various libraries and products out there. I wanted something simple to implement and preferably open source and, obviously, it had to be compatible with ColdFusion. After about a few days, I decided on the Apache XML Security library. No sense beating around the bush, here are the steps I used to implement this library, pay special attention to the versions of the library used as the latest isn't the right one for this version of ColdFusion (note: I used ColdFusion MX 7.0.2):
- Download the Apache XML Security library version 1.2.0
- Unzip the file into a non-web based folder (I defaulted mine to the base drive the CFMX server was on)
- Download a second file which is an update to the xmlsec.jar file found in the file downloaded in step 1, xmlsec-1.2.96.jar
- Save the xmlsec-1.2.96.jar file in the libs folder where you extracted the file in step 2 and remove the xmlsec.jar file as having both in the same directory will cause issues
- The following files should be iin the drive/xml-security-1_2_0/libs directory
- xmlsec-1.2.96.jar
- xercesImpl.jar
- xml-apis.jar
- xmlParserAPIs.jar
- commons-logging.jar
- commons-logging-api.jar
- xmlsecSamples.jar
- Add each one of the files listed above to your ColdFusion classpath
- Restart the ColdFusion server
At this point, you should have the Apache XML Security Library installed and it registered with ColdFusion. Since ColdFusion can access Java objects, one might be tempted to go ahead and perform a CreateObject("java",...) to get at the various classes in the library. This type of logic cannot be done for a variety of reasons, but the two main ones are: ColdFusion's representation of XML is not the same as required by the library and in order to use almost any class in the library, the following must be run: org.apache.xml.security.Init.init(). Unfortunately, the way ColdFusion uses init() on Java objects causes it to call the constructor, in this case Init(), which obviously does not do the same thing and an error will result. So, the end result is that a Java class to accept XML in string representation to sign or verify needs to be built. I will cover this in the next installment as I want to keep this entry specifically related to the Apache XML Security library setup.
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)