4643Re: [soaplite] Accessing HTTP Auth from a SOAP service
- May 4, 2005On Tue, May 03, 2005 at 11:12:12PM -0500, Jay A. Kreibich wrote:
> On Mon, May 02, 2005 at 01:41:13PM -0000, Paul TBBle Hampson scratched on the wall:OK, fair point and well taken.
> > I'm creating a SOAP service which I want to
> > username/password protect, against the database
> > the service modifies.
> > It seems to me that the easiest way to do this
> > would be to have access to the username/password
> > sent in by the client via HTTP basic auth
> > available somehow to the eventual perl functions.
> I would actually say this isn't the way to do this. You are mating
> application requirements (e.g. the need to have auth/auth info
> associated with the SOAP transaction) with the particular transport
> option (e.g. HTTP[S]). Even if you never plan on supporting anything
> except HTTP[S], it is the wrong layer to be putting this information
> into. If the auth/auth info is part of the SOAP transaction, it
> should be included in the SOAP message, and not the transport layer.
> There is also the issue that adding HTTP header information is
> difficult, if not impossible, with many existing SOAP libraries
> (SOAP::Lite not included).
> I would suggest you look at SOAP Headers, rather than HTTP headers.
I've found the '@ISA' thing that lets me pop the SOM out of @_ at the
start of every function, so I'm guessing I just call ->headers on that,
and skip happily through that array until I find the custom headers
So I guess the main thing is, do I have to worry about namespace
clashes with other things using the SOAP Headers, or should I just define
my own namespace? Of course, I'm not too clear on how the latter works.
Paul "TBBle" Hampson, on an alternate email client.
- << Previous post in topic Next post in topic >>