Loading ...
Sorry, an error occurred while loading the content.

SOAP servers that manage and react to cookies

Expand Messages
  • Randy J. Ray
    I m trying to do some cookie-authentication exercise code, only I m not sure how that server-side gets and manages the cookies. Or rather, I can see where the
    Message 1 of 2 , May 14 1:42 AM
    • 0 Attachment
      I'm trying to do some cookie-authentication exercise code, only I'm not sure
      how that server-side gets and manages the cookies. Or rather, I can see where
      the cookies would be available to the HTTP code such as *::HTTP::Daemon, but I
      don't see how (or even if) the cookie data can be accessed by the routines
      that the server dispatches to. In other words, if I have a class that loads
      user data from a database, but should only do so if the cookie is correct,
      then how does the method that loads from the database see the cookie? It
      doesn't appear to be in the SOAP::SOM object that I can get from the parameter
      list when my class inherits from SOAP::Server::Parameters. I know that the
      SOAP server at use.perl.org is doing cookie-based auth, but I stumped.

      Randy
      --
      """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
      Randy J. Ray rjray@...
      Campbell, CA rjray@...
      <A HREF="http://www.svsm.org">Silicon Valley Scale Modelers</A>
    • Duncan Cameron
      ... You re right, the SOAP::SOM object doesn t include the http information. One possible solution is to extend the approach of inheriting from
      Message 2 of 2 , May 14 3:54 AM
      • 0 Attachment
        On 2002-05-14 Randy J. Ray wrote:
        >I'm trying to do some cookie-authentication exercise code, only I'm not sure
        >how that server-side gets and manages the cookies. Or rather, I can see where
        >the cookies would be available to the HTTP code such as *::HTTP::Daemon, but I
        >don't see how (or even if) the cookie data can be accessed by the routines
        >that the server dispatches to. In other words, if I have a class that loads
        >user data from a database, but should only do so if the cookie is correct,
        >then how does the method that loads from the database see the cookie? It
        >doesn't appear to be in the SOAP::SOM object that I can get from the parameter
        >list when my class inherits from SOAP::Server::Parameters. I know that the
        >SOAP server at use.perl.org is doing cookie-based auth, but I stumped.
        >
        >
        You're right, the SOAP::SOM object doesn't include the http information. One possible
        solution is to extend the approach of inheriting from SOAP::Server::Parameters to also
        pass the transport object. This requires the transport object to be passed up from the
        SOAP::Transport::HTTP::Server to SOAP::Server and then passed to the called method
        where it would be available by pop();

        In SOAP::Transport::HTTP::Server:

        my $response = $self->SUPER::handle(
        $self->request->content_type =~ m!^multipart/!
        ? join("\n", $self->request->headers_as_string, $content) : $content,
        $self->request
        ) or return;

        In SOAP::Server:

        my $trrequest = $_[1];

        push @parameters, $request if UNIVERSAL::isa($class => 'SOAP::Server::Parameters');
        push @parameters, $trrequest if UNIVERSAL::isa($class => 'SOAP::Server::Parameters');

        (or maybe inherit from a different class to avoid affecting existing code?)

        In the despatched method:

        my $request = pop;
        my $envelope = pop;
        print $request->protocol;
        print $request->headers_as_string;

        This seems to work and should give you access to the cookie headers.
        Of course, the other approach is to extract the cookie headers in your server and store
        them as global variables.

        Regards,
        Duncan Cameron
      Your message has been successfully submitted and would be delivered to recipients shortly.