Thursday, November 27, 2008

Essential HTTP Client Checklist and CFHTTP (Pt. 2)

In a previous post I discussed a list of criteria for a modern HTTP client and compared them to the out of the box features of the Adobe ColdFusion tag CFHTTP.  CFHTTP supports all of the 'must-have' features but provides little in the way of 'optional extras'. Critically common authentication options (such as digest and NTLM) are not supported.

So what alternatives are there to CFHTTP?

Before I look at Java libraries I thought I would do a quick google for a familiar face: The custom tag CFX_HTTP5, available from the CFTagStore. It looks like this ancient custom tag has recently been retested for ColdFusion 8 and shows less signs of being the abandonware it threated to become a few years ago. I can not speak to the tags merits directly since I have never used it, but it claims to support NTLM authentication among other things (like multi-threading, which is pretty redundant now ColdFusion has the CFTHREAD tag).

Here is a list of features from the TagStore. It looks like CFX_HTTP5 is (or was) the top selling ColdFusion tag.

  • Take complete control over HTTP request and response (like Referer, Content-type, cookies, redirects, and so on).

  • Control and report authentication scheme to be used in HTTP request: Basic, NTLM, Digest, and others.

  • Fixes most of known CFHTTP-related problems in ColdFusion 4.5, 5.0, and MX.

  • Use tag's asynchronous mode to execute many HTTP requests SIMULTANEOUSLY within the SAME ColdFusion page.

  • Execute HTTP requests on background, while reading a database, for example.

  • Progress monitoring of long-running downloads.

  • Selective downloads based on specified content types.


  • Tag maintains its own independent of ColdFusion threading and requests queuing.


  • Increase the performance of your Web-site by deploying true multithreaded applications.


  • Sessions - chained HTTP requests that share state and authetication credentials.


  • Trouble-free HTTPS communications.


  • Advanced timeout settings - both TCP/IP and HTTP-based.


  • Very small executable. No external dependencies, except WinHttp API.


  • Built-in GZIP decompression of the content.


  • Built-in base64 encoding of binary content.


  • Client-side Digital Certificates support.


  • Unicode and Code Pages support (CF MX and later).


  • Able to support access to any Web-service.


As you can see the tag supports both NTLM and GZIP compression, but adherence to some of the 'Must-have' features is not readily apparent.

Stay tuned; The next post I will look at closer at the available Java libraries.

Monday, November 24, 2008

About this Blog

This is the personal blog of Ben Davies. Ben is passionate about using ColdFusion to integrate, automate and report the enterprise. Ben lives in Brisbane, Australia, and can offer his services via his company, Helium 3 IT Solutions.

Friday, November 14, 2008

Essential HTTP Client Checklist and CFHTTP (Pt. 1)

Restful Web Services (Leonard Richardson and Sam Ruby, O'Rielly 2007)

I was reading "Restful Web Services" (Leonard Richardson and Sam Ruby, May 2007) and I came across a useful checklist of the 'must-have' and 'optional-extra' features of HTTP client software libraries, along with a comparison of HTTP client libraries for different platforms.

Out of curiosity I am going to measure ColdFusion 8's CFHTTP functionality against the check list to see how it fares, and then compare it to the Java libraries presented (because if CFHTTP fails to deliver your next step will no doubt be Java).

The following is their list of 'must-have' features, along with notes about the support within CFHTTP in ColdFusion 8.

  1. Support for HTTPS and SSL (Supported)

  2. Support for Methods GET HEAD PUT POST DELETE OPTIONS TRACE and optionally WebDAV extensions (like MOVE) ( Support exists for all HTTP spec methods but no extensions)

  3. Customisation of Entity Body of PUT and POST (Supported)

  4. Customisation of Request Headers (Supported)

  5. Access to the headers and the response code of the provided response(Supported)

  6. Support for HTTP Proxies (Supported - So long as you use basic proxy authentication- more later)


Here are the 'optional-extras':

  1. Automatic, Transparent HTTP Compression(Not Supported)

  2. Automatic, Transparent Response Caching (Using response headers) (Not Supported)

  3. Support for Basic, Digest and WSSE Authentication Basic is supported, but not Digest. WSSE is not supported, and NTLM authentication definitely is not either. This one bites!

  4. Support for Redirects (Supported - So long as you do not redirect more than 4 times in a valid use case.)

  5. Support for Client-side cookie management/acceptance (Despite superb Server-side Cookie capabilities, there is no client-side capabilities here)


In my experience, support for NTLM (or any) authentication should be in the must-have list (especially for corporate environments) but from the context of the author's pespective - RESTful Web Services - I thought the list was very good.

Note that CFHTTP has all the 'must have' features from this list, which is a surprising and pleasing result.

What about the other Java libraries? You'll need to wait for the next blog entry!