Re: [soaplite] Sending a serialized body
- Hi, Weidong!
Interesting question. First of all, send_receive function WILL NOT
change anything inside the envelope by itself. At the same time, I
would NOT advise you to sign whole Body of the SOAP message for a
number of reasons. First of all, if you have a choice, sign the
content only. If you do NOT have a choice, you can sign content with
XML markup as a fragment, but to do this, you should do normalization
and canonicalization transformations before signing and before
checking signature. There is no guarantee that XML will be delivered
in the same view as it's generated, so according to XML-signature
spec  set of rules apply here. If you still want to sgn XML
gragment, I would rather recommend you to generate that fragment with
SOAP::Serializer->serialize() method if possible and then insert it
as a parameter with: SOAP::Data->type(xml =>
$what_was_generated_by_serializer). serialize() method will generate
content, you sign it and insert as is using 'xml' pseudo-type along
with headers that have this signature inside. Let me know whether it
works for you. My answers can be slow, I'm still at the conference
and have occasional access to my email.
Best wishes, Paul.
--- Weidong Wang <wwang@...> wrote:
> I asked this question before and was told that I will have to use__________________________________________________
> the undocmented send_receive function. But there is better and
> easier way to return complex data. That works fine.
> Now I have a real need. I need to put the body together, serialize
> it so that I can digitally sign it to get a signature. This
> signature is then put into the header part (the idea is to
> authenticate the sender and to ensure the integrity of the body).
> I suppose I can just return as normal (putting data in the return
> clause), hoping that the serializer will produce exactly the same
> body (otherwise the signature cannot be verified), or I will have
> to use the send_receive function to send the header and body.
> But there is no guarrantee that send_receive function will not
> change, so it is risky to use it.
> I would like to know what is the right way to do in this situation.
> Is there a way to use return and tell it to accep tthe body part as
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger