Table of contents
16 February 2016
vAlthough an existing knowledge of ColdFusion would help, this article does not require you to have ColdFusion skills. A general understanding of the web technologies would help you to understand quickly.
User level: All
Adobe ColdFusion (2016 release) is a feature packed version of ColdFusion with benefits ranging from better security, performance, scalability, PDF improvements, language enhancements along with the all new API Manager.
While all the features of ColdFusion (2016 release) are easy to follow and understand, API Manager needs an introduction.
API Manager is a new component introduced for the first time in Adobe ColdFusion (2016 release). It is a standalone server component that can run on its own, providing you all the capabilities of monitoring, measuring, securing, and monetizing APIs. APIs can be either REST or even SOAP-based. While API Manager component makes it really easy to import APIs from a ColdFusion server, API Manager by itself is technology agnostic and can be used with APIs (REST or SOAP) defined by any other backend technology. For instance, the API Manager can provide all the benefits associated to a PHP or an ASP.NET API as much as a CFML-based API. All the client requests will be routed through the API Manager before routing the requests to the actual end point in the backend.
This article serves as a quick introduction to what is available in ColdFusion (2016 release). As it is not possible to cover all features in a single article, you can refer to other feature specific articles in Adobe Developer Connection or ColdFusion (2016 release) documentation for more information.
The entire feature set of ColdFusion (2016 release) can be categorized into three product themes. These themes are also focus areas for ColdFusion (2016 release). In this article, I will explain each theme along with its features. The three product themes of ColdFusion (2016 release) are as follows:
- Embrace Futuristic Technologies
- Deploy enterprise ready applications
- Build applications quickly
Under this product theme, ColdFusion (2016 release) introduces features that let you quickly and easily adopt the latest web technologies.
APIs have become the ubiquitous interfaces for two different applications to communicate effectively with each other. The proof for the above claim comes from the fact that there has been an exponential increase in the number of public and private APIs being created by organizations, small or large. Forrester predicts that more than 75% of Fortune 100 companies will have open APIs by the end of this year.
Although APIs are the now and future, it is not straightforward for an organization of any size to implement an API strategy.
- You need to start with defining the business objectives for API strategy.
- It then involves designing the APIs either by using the more popular REST interface or by using the legacy SOAP interface for APIs.
- Once the design is complete, coding the API by using a language of choice, which includes CFML, is the next step. Many would think that once code is in place, we are ready to go to market with the API strategy. But, no.
- Once coding is done, the APIs need to be secured via a strong access control mechanism so that only authorized users can get access to the APIs.
- Once access control is implemented, there needs to be a way to manage APIs across its various versions and API lifecycle.
- Associating an SLA with an API is also mostly desired when having an API strategy, allowing the organization to charge for an API according to the SLA desired by the end developer or API consumer organization.
With an API strategy, it is also extremely important to engage developers, either internal or external to the organization. Engaging developers typically includes, allowing developers to access a portal that gives detailed documentation for all the APIs and its methods, allowing developers to try out an API without having to write a single line of code right from the user interface of the portal itself and finally allowing developers to register their application and sign up for an SLA plan associated with an API. Once such a developer portal is in place, it is essential for an organization implementing the API strategy to get detailed metrics associated with each and every activity associated with API and its access so that the progress made towards the business objectives envisioned in the API strategy can be measured.
The API Manager component in ColdFusion (2016 release) covers all the needs associated with securing APIs, managing APIs, engaging developers and also measuring the impact of APIs – all through the extremely easy to use and yet powerful feature set available for API Manager. In essence, you can take your APIs from concept to production with ease with the API Manager that takes care of a majority of associated requirements before you go live with your API strategy.
The Admin portal available with the API Manager lets you define the ColdFusion discovery server. Once such a ColdFusion discovery server is set, you can readily import REST services defined in the ColdFusion server with just a single click. With minimal configuration, you can readily publish the APIs associated.
It is also possible to install API Manager and ColdFusion server as a part of the same JVM (Java Virtual Machine) so that the API Manager starts and stops along with the start and stop of the ColdFusion server.
There are three roles associated with API Manager.
- Administrator – responsible for configuring the API Manager.
- Publisher – responsible for publishing the APIs.
- Subscriber – responsible for trying out and signing up for an API.
There is a detailed analytics dashboard available for each of the three roles described above. A whole range of metrics are tracked such as API name, version, request method, data in, data out, timestamp and SLA used. The dashboard is also completely customizable for both the publisher and administrator.
The API Manager allows you to create multiple versions of an API with ease by copying all the settings of the previous version onto the newer version so that only the difference between the two APIs can be configured at the API Manager portal. API Manager also lets you flag an API as draft, published, deprecated, and retired. Corresponding notiifcations are sent to developers who are subscribed to deprecated or retired versions of the API.
The API Manager allows you to use basic authentication, API key, OAuth and OAuth with SAML as the various mechanisms for enforcing access control.
Basic authentication involves username and password for authentication which is compared against a user store configured in the ColdFusion administrator. API Manager has a mechanism to generate API keys for each of the application that is registered by the developer to authenticate the access of the developer for a particular API. API Manager also supports OAuth mechanism to generate tokens instead of the actual keys for access control via the built-in OAuth server in API Manager. It is also possible to link a SAML based server with the OAuth server where the SAML server will be used as the authorization server for token exchange mechanism.
The API Manager lets you define various SLAs for rate limiting and throttling. These limits can be used to restrict access to an API beyond a certain number of times the API is accessed per unit of time selected. While rate limiting is typically for a shorter limit of time, second or minute, throttling applies to a much larger unit of time, such as a day or a month.
It is also possible to set these limits as hard and soft. For soft limits, a notification is sent beyond a certain pre-configured notification limit.
The developer portal that comes packaged with the API Manager lets the subscribers or end developers to register their applications, view all the documentation associated with each of the API, try out the APIs from the user interface itself without having to write any line of code, sign up for the APIs for the pre-defined SLAs associated and view detailed analytics for the API usage by the developer.
Adobe ColdFusion (2016 release) provides features for large scale enterprise deployment of web applications with a focus on security, high performance and scalability enhancement.. ColdFusion (2016 release) also continues to provide various features that integrate with other enterprise technologies making ColdFusion the enterprise hub that it continues to be.
ColdFusion (2016 release) comes with a built-in security analyzer that can scan large ColdFusion projects with very high number of lines of code to point out any security vulnerabilities that the code is prone to. This is particularly useful when there is a large code base that is being maintained from a long time. A simple scan with ColdFusion Builder (2016 release) supported by the ColdFusion (2016 release) server provides a detailed report for a particular ColdFusion Builder project, folder or file.
The security analyzer covers all the common vulnerabilites that CFML code is vulnerable to. It points out the correct line number that can be jumped to, the vulnerabilty detail and also potential ways to remidiate the vulnerability.
ColdFusion (2016 release) now supports Microsoft’s NTLM authentication on CFSHAREPOINT, CFOBJECT and CFINVOKE tags. With this, sharepoint intergration feature set of ColdFusion can now be used with NTLM authentication, just as web services authentication enabled through NTLM authentication.
ColdFusion (2016 release) now supports PDF/A-2b standard for archiving a PDF. PDFs are archived to ensure that the PDF becomes a self contained document that can be opened with any future version of Acrobat Reader, without any issues.
ColdFusion (2016 release) has a wide array of performance improvements made to the runtime including array access, cached queries, and scope search. Because of these enhancments, your existing applications, when upgraded to ColdFusion (2016 release), will run up to 30% faster.
The CFPDF tag now has the functionality to redact a PDF. Redaction is used to secure sensitive information in a PDF from being visible to non authorized users. Given a set of co-ordinates for a paricular PDF, the content within those co-ordinates will be redacted making the content completely invisible in the resulting PDF file.
ColdFusion (2016 release) gives you the ability to store the session scope in an external and distributed high performing cache. This has a direct bearing on high scalability that can be achieved with ColdFusion (2016 release) when there are a large number of users simultanoeusly accessing ColdFusion (2016 release) with all information about the users being stored in the session.
ColdFusion (2016 release)’s API Manager allows to set up caching for your APIs, the result being higher throughput and reduced response times. The cache is completely configurable via the administrator portal. Caching can be enabled at individual methods of an API by just enabling caching on that method.
ColdFusion (2016 release)’s API Manager can scale up to meet the needs of any enterprise deployment. It has been tested for high scalability and low latency across varied loads.
API Manager can be set up as a cluster to achieve high scalability. The API Manager can also act as a load balancer using which you can configure the way in which end point URLs of the APIs are hit. Once multiple end point URLs are configured, you can choose either the round-robin or weighted round-robin algorithm to access the end points. The built-in data store and analytics store can be further tuned for high scalability and performance needs.
All the benefits of API Manager apply to SOAP APIs as well. By just providing the WSDL file, SOAP APIs can be imported onto the API Manager in just a few clicks. Once imported, access control mechanism, SLAs, caching can all be configured via the intuitive user interface of the API Manager portal.
There is no need to manually reconfigure connectors once an update or hot fix related to connectors is applied. ColdFusion (2016 release) will take care of this for you. It is also possbile to now configure custom connector settings for individual sites configured on the ColdFusion (2016 release) server.
You can now programatically attach and extract attachments to a PDF file. The comments in a PDF file can be exported on to a XFDF file or vice versa. The meta data on the PDF file can also be exported to a XMP file or vice versa thus ensuring a standard meta data on all the PDFs produced by an organization. ColdFusion (2016 release) also allows you to apply stamps on to a PDF file. You can choose from the predefined set or create your own custom stamp as well.
ColdFusion has always been about providing developers with features that enhance their productivity. ColdFusion (2016 release) continues to drive the same theme forward by new features that help developers build their applications quickly.
Adobe ColdFusion (2016 release) comes with all the new command line interface using which it is now possible to run CFML scripts locally without having the need to run the ColdFusion server. This will open up a new window of opportunity for CFML for all the scripting needs that the developers may have. Ability to work with files, databases, email, and even invoke web services are all supported via the command line interface. Arguments and named arguments can also be passed to the command line interface.
With every version of ColdFusion, CFML as a language is enhanced and ColdFusion (2016 release) is no excpetion. Some of the major enhancements include,
Safe Navigation Operator
Safe navigation operator is used as a short hand operator that can get rid of isDefined or NULL checks in the code. It executes the right hand side of the safe navigation operator (?.) only if the object in question is not null and is defined.
Insertion Order Struct
You can now create Structs that maintain the insertion order of elements while iterating over the structs.
Settings to improve performance
Two new settings passArrayByReference and searchImplicitScopes have been introduced. The first one passes the array by reference for the application when this feature has been turned on. The second one bypasses searching for a variable in the implicit scopes thus finding the variables defined in the application faster.
There are various other enhancements to CFML and these have been listed in the documentation for ColdFusion (2016 release).
ColdFusion developers can now perform a one time configuration at the API Manager portal to publish a SOAP service as a REST service without having to change a single line of code. API Manager is smart enough to accept a REST request, construct a SOAP envelope for the backend and convert the SOAP response back from the service into a REST response.
Additional set of meta data have been introduced for REST services so that ColdFusion can generate a swagger document for the REST service defined in the document. ColdFusion (2016 release) will auto generate such a REST description file.
This article at best provides a quick introduction to the vast feature set of ColdFusion (2016 release). Refer other articles on Adobe Developer Connection that focus on specific features of ColdFusion (2016 release) for a deep dive. You can visit the online ColdFusion (2016 release) documentation to get more information. There are various blog posts on the Adobe ColdFusion blog (http://blogs.coldfusion.com ) that you can read to get more information.