Loading ...
Sorry, an error occurred while loading the content.

4631Re: [soaplite] Accessing HTTP Auth from a SOAP service

Expand Messages
  • Jay A. Kreibich
    May 3 9:12 PM
    • 0 Attachment
      On Mon, May 02, 2005 at 01:41:13PM -0000, Paul TBBle Hampson scratched on the wall:
      > I'm creating a SOAP service which I want to
      > username/password protect, against the database
      > the service modifies.
      >
      > It seems to me that the easiest way to do this
      > would be to have access to the username/password
      > sent in by the client via HTTP basic auth
      > available somehow to the eventual perl functions.

      I would actually say this isn't the way to do this. You are mating
      application requirements (e.g. the need to have auth/auth info
      associated with the SOAP transaction) with the particular transport
      option (e.g. HTTP[S]). Even if you never plan on supporting anything
      except HTTP[S], it is the wrong layer to be putting this information
      into. If the auth/auth info is part of the SOAP transaction, it
      should be included in the SOAP message, and not the transport layer.

      There is also the issue that adding HTTP header information is
      difficult, if not impossible, with many existing SOAP libraries
      (SOAP::Lite not included).

      I would suggest you look at SOAP Headers, rather than HTTP headers.

      -j

      --
      Jay A. Kreibich | CommTech, Emrg Net Tech Svcs
      jak@... | Campus IT & Edu Svcs
      <http://www.uiuc.edu/~jak> | University of Illinois at U/C
    • Show all 8 messages in this topic