
I am implementing Single Sign On functionality. I have a ColdFusion application which takes input parameters from a Java application (POST request). What I need to do is return status codes and a description to indicate whether the user has access, and the reason for failure if the user does not have access to my CF application. Something like below: [image]

I have created a CFC and provided this as an API to allow Java users to pass in their UserName and CustomerID to my CF application. Do I need to write the return response logic in the same file? Like a function which "throws" an error code (cfthrow)?

Or maybe I can use "cfheader", something like this:

```
<cfif form.CustomerId EQ queryname.CustID>
    <CFHEADER
        STATUSCODE="200"
        STATUSTEXT="Success">
<cfelse>
    <CFHEADER
        STATUSCODE="400"
        STATUSTEXT="Insufficient Input">
</cfif>
```

Can anyone please help me here?

Vasu
  • If your messages are going to be read by a normal person, simply provide the information. Don't geekify it with status codes or anything else not generally understood. – Dan Bracuk Jul 10 '17 at 11:10
  • @DanBracuk : Actually, the status messages will be read by the system and based on the status, the appropriate tables will get updated. – Vasu Jul 10 '17 at 11:26
  • Why are you returning `400` for `Customer ID doesn't exist` and not [`404` (not found)](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5)? Similarly, why is "Invalid password" 400 and not [401 (unauthorized)](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1) and "User account locked" 401 and not [403 (forbidden)](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.3)? – MT0 Jul 10 '17 at 12:18
  • Nothing specific. I just wanted to give custom statuses to each one of them. I can provide the 'defined' statuses also. But stuck on that part. – Vasu Jul 10 '17 at 12:22
  • Is this a REST application within ColdFusion or just a simple CFC? – MT0 Jul 10 '17 at 12:22
  • Yes, it is REST – Vasu Jul 10 '17 at 12:23
  • Have you tested your own solution? As far as I can tell there is nothing wrong with it, and it will work. – Nebu Jul 10 '17 at 13:14
  • I would stick with the standard codes ( http://www.iana.org/assignments/http-status-codes ). – Shawn Jul 11 '17 at 19:04

1 Answer


You can use:

```
component restpath = "your/rest/path" rest="true"
{
  remote void function errorTest()
    httpmethod = "GET"
    restpath   = ""
  {
    cfheader(
      statuscode = 401,
      statustext = "Invalid Password"
    );

    // or

    restSetResponse({
      status = 401,
      headers = { explanation = "Invalid Password" }
    });

    // or, using Java

    getPageContext()
        .getResponse()
        .getResponse()
        .sendError( JavaCast( 'int', 401 ), "Invalid Password" );

    // or, using the deprecated setStatus(int,string) method in Java

    getPageContext()
        .getResponse()
        .getResponse()
        .setStatus( JavaCast( 'int', 401 ), "Invalid Password" );
  }
}
```

Note: I have not found a way to directly set the message using restSetResponse() so this returns a custom header with the message instead.

MT0
  • Why is getResponse called twice after getPageContext? Is that really necessary? – Trob Frank Apr 19 '23 at 12:38
  • @TrobFrank If you are asking why it is `getPageContext().getResponse().getResponse()` then that's just what worked at the time and it may be that the `sendError` or `setStatus` methods are not available on the first response object reached in the hierarchy; it is probably coincidence when navigating through the hierarchy of Java classes to the correct class that handles the response and those classes happened to have identically named methods. Unfortunately, I'm not using ColdFusion any more and don't have an instance I can use for testing to tell you the exact reason. – MT0 Apr 19 '23 at 13:42
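
An added example, not part of the original answer or of any project's code: a REST function that returns a standard status code and carries the description in a JSON body through the `content` key of `restSetResponse()`, so the calling system does not have to read a custom header. The `sso` and `access` paths, the `decide` helper, the sample customers and the "User does not have access" case are assumptions made for illustration.

```cfml
component rest="true" restpath="sso"
{
  // Constructed sample data; a real service would run its customer query here.
  variables.customers = {
    "1001" = { userName = "alice", locked = false },
    "1002" = { userName = "bob",   locked = true  }
  };

  // Hypothetical helper: maps the input to one HTTP status plus a description.
  private struct function decide(string userName = "", string customerId = "")
  {
    if (!len(trim(arguments.userName)) || !len(trim(arguments.customerId))) {
      return { status = 400, description = "Insufficient Input" };
    }
    if (!structKeyExists(variables.customers, arguments.customerId)) {
      return { status = 404, description = "Customer ID doesn't exist" };
    }
    var customer = variables.customers[arguments.customerId];
    if (compareNoCase(customer.userName, arguments.userName) != 0) {
      return { status = 403, description = "User does not have access" };
    }
    if (customer.locked) {
      return { status = 403, description = "User account locked" };
    }
    return { status = 200, description = "Success" };
  }

  remote void function checkAccess(
    string UserName   restargsource="form",
    string CustomerID restargsource="form"
  )
    httpmethod = "POST"
    restpath   = "access"
  {
    // Missing form fields arrive as undefined arguments; treat them as empty.
    var result = decide(
      structKeyExists(arguments, "UserName")   ? arguments.UserName   : "",
      structKeyExists(arguments, "CustomerID") ? arguments.CustomerID : ""
    );

    // restSetResponse() only takes effect in functions declared void.
    restSetResponse({
      status  = result.status,
      headers = { "Content-Type" = "application/json" },
      content = serializeJSON({ "code" = result.status, "description" = result.description })
    });
  }
}
```

Separate descriptions for a missing customer ID and a locked account tell any caller which IDs and accounts exist, so an endpoint like this should only be reachable by the trusted calling system.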