Loading ...
Sorry, an error occurred while loading the content.

Access to HTTP headers from CGI server

Expand Messages
  • Byrne Reese
    I am trying to use SOAP::Lite as a proxy of sorts. What I would like to do is pass through the HTTP Authorization credentials recieved by a SOAP::Lite CGI
    Message 1 of 7 , Nov 19, 2002
    • 0 Attachment
      I am trying to use SOAP::Lite as a proxy of sorts. What I would like to
      do is pass through the HTTP Authorization credentials recieved by a
      SOAP::Lite CGI script/server onto another service that I am proxying to.

      However, I don't see how it is possible to mine the HTTP Headers for
      this information. Here is what I have:

      use SOAP::Transport::HTTP;

      SOAP::Transport::HTTP::CGI
      ->dispatch_to('SessionReport')
      ->handle();

      BEGIN {
      package SessionReport;
      use strict;
      use vars qw(@ISA);
      @ISA = qw(SOAP::Server::Parameters);
      sub getSessionReport {
      my $self = shift;
      my $envelope = pop;
      # do my thing
      # Where can I get a handle to the HTTP layer from here?
      }
      }

      Notice the comments. Alternatively, it would be cool if the cgi at the
      top level could pass additional parameters into the subroutine handling
      the request. For example:

      SOAP::Transport::HTTP::CGI
      ->dispatch_to('SessionReport')
      ->handle("foo","bar");

      Because I am pretty sure I could do this:

      SOAP::Transport::HTTP::CGI
      ->dispatch_to('SessionReport')
      ->handle(SOAP::Transport::HTTP::CGI->request->headers());

      Thoughts?

      --
      Byrne Reese <breese@...>
      Grand Central Communications
    • Randy J. Ray
      ... I do this in some of the examples in my upcoming book, Programming Web Services with Perl . The nutshell explanation is that you need to sub-class
      Message 2 of 7 , Nov 20, 2002
      • 0 Attachment
        On 2002.11.19 16:18 Byrne Reese wrote:

        > I am trying to use SOAP::Lite as a proxy of sorts. What I would like to
        > do is pass through the HTTP Authorization credentials recieved by a
        > SOAP::Lite CGI script/server onto another service that I am proxying to.
        >
        > However, I don't see how it is possible to mine the HTTP Headers for
        > this information.

        I do this in some of the examples in my upcoming book, "Programming Web
        Services with Perl". The nutshell explanation is that you need to sub-class
        SOAP::Transport::HTTP::CGI and overload the "request" method. This method
        receives the HTTP::Request object as the first argument (after the object, of
        course, since this is a method). What I do in the same code is essentially:

        sub request {
        my $self = shift;
        my $req = shift;

        # Fiddle with $req to get the headers I want

        return $self->SUPER::request($req);
        }

        (I actually only shift for $self and manipulate @_ after that, but you get the
        picture.)

        Randy
        --
        rjray@... http://www.rjray.org http://www.svsm.org

        Any spammers auto-extracting addresses from this message will definitely want
        to include uce@... and report@...
      • Paul Kulchenko
        Hi Byrne, ... You can, but it doesn t do what you expect. Still, it should be possible to do what you want even though there is no way to get to it through
        Message 3 of 7 , Nov 20, 2002
        • 0 Attachment
          Hi Byrne,

          > Because I am pretty sure I could do this:
          >
          > SOAP::Transport::HTTP::CGI
          > ->dispatch_to('SessionReport')
          > ->handle(SOAP::Transport::HTTP::CGI->request->headers());
          >
          > Thoughts?
          You can, but it doesn't do what you expect. Still, it should be
          possible to do what you want even though there is no way to get to it
          through method parameters. You may want to look at the message I've
          sent a couple of days ago:
          http://groups.yahoo.com/group/soaplite/message/2090

          From your method you should be able to do then:

          $server->request->headers()....

          Yet it is not thread-safe and it is one of the requirements I'd like
          to address doing the refactoring.

          > Alternatively, it would be cool if the cgi at
          > the
          > top level could pass additional parameters into the subroutine
          > handling the request.
          That's an interesting idea and should be fairly easy to implement.
          Still, rather than allow you to pass any parameters you want I would
          prefer to use one object with the ability to add any keys you want
          (like notes/pnotes in mod_perl) and add only one parameter; in this
          case those methods are much easy to write/maintain and addition of
          new parameters won't break the existing code.

          Best wishes, Paul.

          --- Byrne Reese <breese@...> wrote:
          > I am trying to use SOAP::Lite as a proxy of sorts. What I would
          > like to
          > do is pass through the HTTP Authorization credentials recieved by a
          > SOAP::Lite CGI script/server onto another service that I am
          > proxying to.
          >
          > However, I don't see how it is possible to mine the HTTP Headers
          > for
          > this information. Here is what I have:
          >
          > use SOAP::Transport::HTTP;
          >
          > SOAP::Transport::HTTP::CGI
          > ->dispatch_to('SessionReport')
          > ->handle();
          >
          > BEGIN {
          > package SessionReport;
          > use strict;
          > use vars qw(@ISA);
          > @ISA = qw(SOAP::Server::Parameters);
          > sub getSessionReport {
          > my $self = shift;
          > my $envelope = pop;
          > # do my thing
          > # Where can I get a handle to the HTTP layer from here?
          > }
          > }
          >
          > Notice the comments. Alternatively, it would be cool if the cgi at
          > the
          > top level could pass additional parameters into the subroutine
          > handling
          > the request. For example:
          >
          > SOAP::Transport::HTTP::CGI
          > ->dispatch_to('SessionReport')
          > ->handle("foo","bar");
          >
          > Because I am pretty sure I could do this:
          >
          > SOAP::Transport::HTTP::CGI
          > ->dispatch_to('SessionReport')
          > ->handle(SOAP::Transport::HTTP::CGI->request->headers());
          >
          > Thoughts?
          >
          > --
          > Byrne Reese <breese@...>
          > Grand Central Communications
          >
          > To unsubscribe from this group, send an email to:
          > soaplite-unsubscribe@yahoogroups.com
          >
          >
          >
          > Your use of Yahoo! Groups is subject to
          > http://docs.yahoo.com/info/terms/
          >
          >


          __________________________________________________
          Do you Yahoo!?
          Yahoo! Web Hosting - Let the expert host your site
          http://webhosting.yahoo.com
        • Byrne Reese
          Curious - in the sample you provided, I did as you intructed... however: sub request { my $self = shift; my $req = shift; # Fiddle with $req to get the
          Message 4 of 7 , Nov 20, 2002
          • 0 Attachment
            Curious - in the sample you provided, I did as you intructed... however:

            sub request {
            my $self = shift;
            my $req = shift;
            # Fiddle with $req to get the headers I want
            return $self->SUPER::request($req);
            }

            The $req object - assuming I extending the SOAP::Transport::HTTP::CGI
            package is null. But if I access $self->request then it is not null...
            but the headers object does not contain any data.

            I am having a difficult time figuring out what is going on here.

            Paul's suggestion seems to work though... however, the Authentication
            information has been lost. Is it being consumed by the server is someway
            I wonder?

            I also don't see the Basic credentials in the "SOAP::Lite +trace
            'debug'" output.

            Aaaaaah.

            That's it for tonight - I will revisit this tomorrow.

            On Wed, 2002-11-20 at 13:26, Randy J. Ray wrote:
            > On 2002.11.19 16:18 Byrne Reese wrote:
            >
            > > I am trying to use SOAP::Lite as a proxy of sorts. What I would like to
            > > do is pass through the HTTP Authorization credentials recieved by a
            > > SOAP::Lite CGI script/server onto another service that I am proxying to.
            > >
            > > However, I don't see how it is possible to mine the HTTP Headers for
            > > this information.
            >
            > I do this in some of the examples in my upcoming book, "Programming Web
            > Services with Perl". The nutshell explanation is that you need to sub-class
            > SOAP::Transport::HTTP::CGI and overload the "request" method. This method
            > receives the HTTP::Request object as the first argument (after the object, of
            > course, since this is a method). What I do in the same code is essentially:
            >
            > sub request {
            > my $self = shift;
            > my $req = shift;
            >
            > # Fiddle with $req to get the headers I want
            >
            > return $self->SUPER::request($req);
            > }
            >
            > (I actually only shift for $self and manipulate @_ after that, but you get the
            > picture.)
            >
            > Randy
            --
            Byrne Reese <breese@...>
            Grand Central Communications
          • Paul Kulchenko
            Hi Byrne, ... I m not sure what s hapening in your code, but what was proposed by Randy should work. There is one caveat thought: request()/response() method
            Message 5 of 7 , Nov 20, 2002
            • 0 Attachment
              Hi Byrne,

              > The $req object - assuming I extending the
              > SOAP::Transport::HTTP::CGI
              > package is null. But if I access $self->request then it is not
              > null...
              > but the headers object does not contain any data.
              I'm not sure what's hapening in your code, but what was proposed by
              Randy should work. There is one caveat thought: request()/response()
              method can be called to get and to set data and your code must be
              able to handle that. Here is the template that I would use:

              sub request {
              my $self = shift;
              if (@_) {
              my $req = $_[0];
              # Fiddle with $req to get the headers I want
              }
              return $self->SUPER::request(@_);
              }

              > information has been lost. Is it being consumed by the server is
              > someway I wonder?
              >
              > I also don't see the Basic credentials in the "SOAP::Lite +trace
              > 'debug'" output.
              I'm not sure that you'll be able to access the auth information from
              your CGI script. As far as I remember it's usually not provided for
              security purposes (because environment variables are involved to pass
              that info). You probably need to use mod_perl to get it.

              Best wishes, Paul.

              --- Byrne Reese <breese@...> wrote:
              > Curious - in the sample you provided, I did as you intructed...
              > however:
              >
              > sub request {
              > my $self = shift;
              > my $req = shift;
              > # Fiddle with $req to get the headers I want
              > return $self->SUPER::request($req);
              > }
              >
              > The $req object - assuming I extending the
              > SOAP::Transport::HTTP::CGI
              > package is null. But if I access $self->request then it is not
              > null...
              > but the headers object does not contain any data.
              >
              > I am having a difficult time figuring out what is going on here.
              >
              > Paul's suggestion seems to work though... however, the
              > Authentication
              > information has been lost. Is it being consumed by the server is
              > someway
              > I wonder?
              >
              > I also don't see the Basic credentials in the "SOAP::Lite +trace
              > 'debug'" output.
              >
              > Aaaaaah.
              >
              > That's it for tonight - I will revisit this tomorrow.
              >
              > On Wed, 2002-11-20 at 13:26, Randy J. Ray wrote:
              > > On 2002.11.19 16:18 Byrne Reese wrote:
              > >
              > > > I am trying to use SOAP::Lite as a proxy of sorts. What I would
              > like to
              > > > do is pass through the HTTP Authorization credentials recieved
              > by a
              > > > SOAP::Lite CGI script/server onto another service that I am
              > proxying to.
              > > >
              > > > However, I don't see how it is possible to mine the HTTP
              > Headers for
              > > > this information.
              > >
              > > I do this in some of the examples in my upcoming book,
              > "Programming Web
              > > Services with Perl". The nutshell explanation is that you need to
              > sub-class
              > > SOAP::Transport::HTTP::CGI and overload the "request" method.
              > This method
              > > receives the HTTP::Request object as the first argument (after
              > the object, of
              > > course, since this is a method). What I do in the same code is
              > essentially:
              > >
              > > sub request {
              > > my $self = shift;
              > > my $req = shift;
              > >
              > > # Fiddle with $req to get the headers I want
              > >
              > > return $self->SUPER::request($req);
              > > }
              > >
              > > (I actually only shift for $self and manipulate @_ after that,
              > but you get the
              > > picture.)
              > >
              > > Randy
              > --
              > Byrne Reese <breese@...>
              > Grand Central Communications
              >
              > ------------------------ Yahoo! Groups Sponsor
              >
              > To unsubscribe from this group, send an email to:
              > soaplite-unsubscribe@yahoogroups.com
              >
              >
              >
              > Your use of Yahoo! Groups is subject to
              > http://docs.yahoo.com/info/terms/
              >
              >


              __________________________________________________
              Do you Yahoo!?
              Yahoo! Mail Plus � Powerful. Affordable. Sign up now.
              http://mailplus.yahoo.com
            • Byrne Reese
              ... Let me try that. It makes complete sense that the Web server would consume this data. However, SOAP::Lite does not display the Auth header in its trace
              Message 6 of 7 , Nov 21, 2002
              • 0 Attachment
                On Wed, 2002-11-20 at 22:59, Paul Kulchenko wrote:
                > Hi Byrne,
                >
                > > The $req object - assuming I extending the
                > > SOAP::Transport::HTTP::CGI
                > > package is null. But if I access $self->request then it is not
                > > null...
                > > but the headers object does not contain any data.
                > I'm not sure what's hapening in your code, but what was proposed by
                > Randy should work. There is one caveat thought: request()/response()
                > method can be called to get and to set data and your code must be
                > able to handle that. Here is the template that I would use:

                Let me try that. It makes complete sense that the Web server would
                consume this data. However, SOAP::Lite does not display the Auth header
                in its trace data either - I imagine that is done on purpose for the
                same security reasons.

                mod_perl seems like the way to go here - I agree. Darn. Oh well.

                > sub request {
                > my $self = shift;
                > if (@_) {
                > my $req = $_[0];
                > # Fiddle with $req to get the headers I want
                > }
                > return $self->SUPER::request(@_);
                > }
                >
                > > information has been lost. Is it being consumed by the server is
                > > someway I wonder?
                > >
                > > I also don't see the Basic credentials in the "SOAP::Lite +trace
                > > 'debug'" output.
                > I'm not sure that you'll be able to access the auth information from
                > your CGI script. As far as I remember it's usually not provided for
                > security purposes (because environment variables are involved to pass
                > that info). You probably need to use mod_perl to get it.
                >
                > Best wishes, Paul.
                >
                > --- Byrne Reese <breese@...> wrote:
                > > Curious - in the sample you provided, I did as you intructed...
                > > however:
                > >
                > > sub request {
                > > my $self = shift;
                > > my $req = shift;
                > > # Fiddle with $req to get the headers I want
                > > return $self->SUPER::request($req);
                > > }
                > >
                > > The $req object - assuming I extending the
                > > SOAP::Transport::HTTP::CGI
                > > package is null. But if I access $self->request then it is not
                > > null...
                > > but the headers object does not contain any data.
                > >
                > > I am having a difficult time figuring out what is going on here.
                > >
                > > Paul's suggestion seems to work though... however, the
                > > Authentication
                > > information has been lost. Is it being consumed by the server is
                > > someway
                > > I wonder?
                > >
                > > I also don't see the Basic credentials in the "SOAP::Lite +trace
                > > 'debug'" output.
                > >
                > > Aaaaaah.
                > >
                > > That's it for tonight - I will revisit this tomorrow.
                > >
                > > On Wed, 2002-11-20 at 13:26, Randy J. Ray wrote:
                > > > On 2002.11.19 16:18 Byrne Reese wrote:
                > > >
                > > > > I am trying to use SOAP::Lite as a proxy of sorts. What I would
                > > like to
                > > > > do is pass through the HTTP Authorization credentials recieved
                > > by a
                > > > > SOAP::Lite CGI script/server onto another service that I am
                > > proxying to.
                > > > >
                > > > > However, I don't see how it is possible to mine the HTTP
                > > Headers for
                > > > > this information.
                > > >
                > > > I do this in some of the examples in my upcoming book,
                > > "Programming Web
                > > > Services with Perl". The nutshell explanation is that you need to
                > > sub-class
                > > > SOAP::Transport::HTTP::CGI and overload the "request" method.
                > > This method
                > > > receives the HTTP::Request object as the first argument (after
                > > the object, of
                > > > course, since this is a method). What I do in the same code is
                > > essentially:
                > > >
                > > > sub request {
                > > > my $self = shift;
                > > > my $req = shift;
                > > >
                > > > # Fiddle with $req to get the headers I want
                > > >
                > > > return $self->SUPER::request($req);
                > > > }
                > > >
                > > > (I actually only shift for $self and manipulate @_ after that,
                > > but you get the
                > > > picture.)
                > > >
                > > > Randy
                > > --
                > > Byrne Reese <breese@...>
                > > Grand Central Communications
                > >
                > > ------------------------ Yahoo! Groups Sponsor
                > >
                > > To unsubscribe from this group, send an email to:
                > > soaplite-unsubscribe@yahoogroups.com
                > >
                > >
                > >
                > > Your use of Yahoo! Groups is subject to
                > > http://docs.yahoo.com/info/terms/
                > >
                > >
                >
                >
                > __________________________________________________
                > Do you Yahoo!?
                > Yahoo! Mail Plus Powerful. Affordable. Sign up now.
                > http://mailplus.yahoo.com
                --
                Byrne Reese <breese@...>
                Grand Central Communications
              • Paul Kulchenko
                Hi Byrne, ... Yes and no ;). The trace data shows the information from Request object, and the auth headers will be added by LWP::UserAgent right before the
                Message 7 of 7 , Nov 21, 2002
                • 0 Attachment
                  Hi Byrne,

                  --- Byrne Reese <breese@...> wrote:
                  > Let me try that. It makes complete sense that the Web server would
                  > consume this data. However, SOAP::Lite does not display the Auth
                  > header
                  > in its trace data either - I imagine that is done on purpose for
                  > the same security reasons.
                  Yes and no ;). The trace data shows the information from Request
                  object, and the auth headers will be added by LWP::UserAgent right
                  before the request is made (you should be able to see it in LWP
                  debug).

                  > mod_perl seems like the way to go here - I agree. Darn. Oh well.
                  It might be still possible to use your CGI script; you just need to
                  write a mod_perl handler to store auth info in environment variable.
                  It's quite possible that such a handler already exists.

                  Best wishes, Paul.

                  __________________________________________________
                  Do you Yahoo!?
                  Yahoo! Mail Plus � Powerful. Affordable. Sign up now.
                  http://mailplus.yahoo.com
                Your message has been successfully submitted and would be delivered to recipients shortly.