configure servlet with coldfusion

Major difference from ColdFusion 9 to ColdFusion 10 is the underlying architecture. ColdFusion 9 uses JRun as the underlying architecture, whereas ColdFusion 10 and higher version use Tomcat.

Due to this, the way servlets used to configure has changed slightly. Configuring servlet with ColdFusion 10 and later versions is no more a challenge. Here is a sample servlet to test the functionality. Here are the steps to implement:-

1. Place the Servlet.cfm in your webroot of your application.
2. Place the NewServlet.class file at \ColdFusion10\cfusion\wwwroot\WEB-INF\classes\. If the class file doesn’t work, then compile the NewServlet.java with java 7 and place the compiled class file at the mentioned location.
3. Add the following in \ColdFusion10\cfusion\wwwroot\WEB-INF\web.xml and save the file.

<servlet>

<description></description>

<display-name>NewServlet</display-name>

<servlet-name>NewServlet</servlet-name>

<servlet-class>NewServlet</servlet-class>

</servlet>

<servlet-mapping>

<servlet-name>NewServlet</servlet-name>

<url-pattern>/NewServlet</url-pattern>

</servlet-mapping>

4.  Restart the “ColdFusion 10 Application Service” and browse to http://ip:port/NewServlet.cfm (This is not the internal port, but your website port). Default port is 80.

If the web page appears as mentioned below, then it confirms the Servlet functionality. Now you are good to go ahead and test your servlets.

The same steps are applicable for ColdFusion 11 as well.

Note: – If you get Error 500 after applying the steps, then the problem is with your ColdFusion JRE version. Compile the NewServlet.java with the Java version, same as of your ColdFusion or higher.

How to create Service for ColdFusion

Ever landed into a situation, where the installation or instance creation was successful, but ColdFusion Service was not created on windows. Don’t, panic. Here is the tweak.

1. Launch Command prompt as Administrator
2. Run this command sc create “ColdFusion 11 Application Server” binPath= C:\ColdFusion11\cfusion\bin\coldfusionsvc.exe start= auto DisplayName= “ColdFusion 11 Application Server”

Now you will be able to locate your instance through the Windows Services Manager. For ColdFusion 10, replace “11” with “10” in the above command. For specific instance the instance name should be appended. Say the instance name is CF11, then the command changes to

sc create “ColdFusion 11 Application Server CF11” binPath= C:\ColdFusion11\CF11\bin\coldfusionsvc.exe start= auto DisplayName= “ColdFusion 11 Application Server CF11”

coldfusion 11 installation

I know that its late for this post, however, I just assisted one of the users recently with ColdFusion 11 installation. This led me to the conclusion, that, there are still users who haven’t upgraded to ColdFusion 11 or are in a process of.

Installation for ColdFusion is not complicated, and the installer screens are self explanatory. However, there are changes in ColdFusion 11 process. Adobe’s document https://wikidocs.adobe.com/wiki/display/coldfusionen/Understanding+ColdFusion+Server+Profiles explains the difference of various profiles introduced in ColdFusion 11. Three profiles are introduced namely – Development profile, Production profile and Production profile (secure).

Depending on the type of profile selected during the installation, the server will be automatically configured with the appropriate settings. Choose the right profile in the installer:

The following table shows the difference between the 3 supported Server profiles:

Feature	Development Profile	Production Profile	Production Profile (Secure)
Support for all types of debugging	Yes	No	No
Support for remote inspection	Yes	No	No
Support for strict enforcement of complex passwords	No	Yes	Yes
Support for remote start/stop	Yes	No	No
Support for Weinre and other bundled servers (For instance, Node.js)	Yes	No	No
Support for enabling unused servlets	Yes	No	No
Support for Secure Profile.	No	No	Yes

Need help for installation, these two demos will definitely help you to get going.

ColdFusion 11 Installation – Developer Profile

ColdFusion 11 Installation – Production Profile

ColdFusion server hacked or Server compromised

We understand that your sever might have been compromised. It’s a situation critical and there are some preventive measures, which should be taken. First of all scan your site at http://hackmycf.com/. If the scan report shows any vulnerability, then contact Adobe Product Security Incident Response Team at PSIRT(at)adobe(dot)com with the scan results.

What you can try at your end

There are few sanity checks, which may help you. Not to fix your application against the vulnerability, however, to identify whether the server is compromised or not.

You can try the following:-

1. Check the application.cfm and remove any unwanted code added by this attack.
2. Check if there are any unwanted files in your web root or in /CFIDE directory and remove them if present. This means that if there are h.cfm or i.cfm or any other unwanted files present, please remove them immediately.
3. Also see if there is any unwanted modification to any of your files. You should be able to find that by looking at the timestamp of the files and remove the unwanted code added by this attack.
4. Check if there is any unwanted scheduled task created in the administrator. If there is any, please remove that immediately.
5. Once done with the above steps, please go through the latest Security bulletin http://helpx.adobe.com/security.html#coldfusion.

Adobe recommends, ColdFusion customers should update their installation using the instructions provided in the technote (as on today) http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-27.html.

 It is also recommended that you apply the Lockdown guide on your server.

Some quick links

ColdFusion 11 lockdown guide: – http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf

ColdFusion 10 lockdown guide: – http://wwwimages.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf

ColdFusion 9 lockdown guide: – http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf

Note: – All the above suggestions are some preliminary ones and there could be other action items as well.

Migration wizard in ColdFusion

Missed the migration wizard and now can’t migrate the settings.

This article will help you. In case, you skipped it and now are looking for options to run the migration wizard again, you are at the correct place.

Adobe ColdFusion allows you to migrate your settings after the installation itself. There are a lot of settings such as Data Sources, Scheduled Tasks, Web Services etc. within the ColdFusion Administrator or the CF Admin. Migration helps to preserve these settings from old CF installation to the new CF installation. This saves a lot of manual task and lot of time. If you are installing the new CF server on the same server (where you already have the old CF server), then, you will be prompted to “Migrate” the settings after the installation itself. In case the new CF server installation is on a different server then, you can create CAR file. This feature is only available in “Enterprise/Developer” version of ColdFusion 10. But, also available in Enterprise/Standard/Developer for ColdFusion 11 onward (thanks Charlie, for this reminder).

So, in case you have a ColdFusion “Standard” installation or moving to one, then you need to modify the adminconfig.xml within ColdFusion. The location for adminconfig.xml is \ColdFusion9\lib\, \ColdFusion10\cfusion\lib\ and \ColdFusion11\cfusion\lib\ for ColdFusion 9, 10 and 11 respectively.

Say for example, you would like to migrate from ColdFusion 9 to ColdFusion 11. Here are the steps to be followed:-

1. Navigate to adminconfig.xml and open it with text editor (say notepad).
2. Change the value from “false” to “true” at
   <runsetupwizard>false</runsetupwizard>
   <runmigrationwizard>false</runmigrationwizard> and
   <migratecf9>false</migratecf9>
3. Save the file and restart ColdFusion Service.
4. After restarting the service, you will get the migration wizard. Follow the on-screen instructions to continue.

Happy Migration.

Note:- You can migrate the settings automatically through the wizard, only from two versions back of Adobe ColdFusion. Also, the migration wizard is only helpful, if you have the both (old CF installation and new CF installation) the CF installations on the same server.