AW: [Xml-compile] Transport::SOAPHTTP header option

Patrick Powell papowell at astart.com
Tue Nov 29 15:38:49 GMT 2011 

On 11/29/11 06:39, Michael Ludwig wrote:
>> Von: Mark Overmeer [mailto:mark at overmeer.net]
>> Gesendet: Montag, 28. November 2011 22:08
>> It is a recurring question. I have now taken your example, Michael, and
>> extended it a bit for the XML::Compile::SOAP::FAQ  This is the text I
>> have now... Comments?
> Great - please see my additions inline.
>
> Best,
>
> Michael
>
>> =head3 Adding HTTP headers
>>
>> Some applications require to add headers to the HTTP headers sent or
>> check headers which are received. SOAP is not about HTTP, so you have
>> to dive deeper in the underlaying constructs; you have to construct the
>> code references in more steps, not using the auto-generation mechanisms
>> of some objects, by default hidden to you.
>    A typical example of such a need for control is interfacing to a
>    web service that requires the client to use cookies in order to
>    store an authentication token obtained from some kind of login call
>    and to be producent on subsequented requests to protected calls.
>
>> The ::WSDL11 module detects that the soap-http protocol is needed.
>> (There is also a pure http protocol defined in the SOAP spec, which
>> is never used)  When the operation gets compiled (with compileClient),
>    ----------->  .<---
>
>> the ::SOAPHTTP module is used to create the soap-http specific message
>> transport logic.

>> On its turn,
???  In turn, ????
>> that module uses LWP to do the actual
>> HTTP exchange. To be able to access the in- and outgoing messages,
>> you have to reach to that LWP::UserAgent.
>>
>> Michael Ludwig contributed the following example (slightly adapted)
>>
>>    my $ua = LWP::UserAgent->new;
>>
>>    # First the HTTP logic
>>    # defaults when SSL is used
>>    $ua->ssl_opts(verify_hostname =>  0, keep_alive =>  1);
> Actually, I put verify_hostname just as an example. Let's say that
> for developing you're dealing with a test server featuring a self-
> signed certificate ... then such action is needed.
>
> As for keep_alive, I think it's generally a good idea if you intend
> to make more than one call.
>
> Not sure what you intend your comment above the statement to convey,
> though ...
>
>>    # Auto-use cookies
>>    $ua->cookie_jar( {file =>  $my_jar_file
>>      , autosave =>  1, ignore_discard =>  1 });
>>
>>    # Now, we need the SOAP logic
>>    my $trans = XML::Compile::Transport::SOAPHTTP
>>      ->new(user_agent =>  $ua, timeout =>  10, address =>  $srv_url);
>>
>>    # Finally the message, with explicit transporter
>>    my $call = $wsdl->compileClient($opname, transport =>  $trans);
>>
>>    # $answer is the decoded XML content.
>>    my($answer, $trace) = $call->( \%parms );
>>
>>    # If you need headers from the response HTTP headers.
>>    my $http_response = $trace->response;
>>    print $http_response->header('X-Secret');
>>
>> You may know the C<$srv_url>  to get the address of the server, but
>> you can also ask the operation itself. Here a different implementation:
>>
>>    my $op    = $wsdl->operation($opname);
>>    my $srv   = ($op->addresses)[0];
>>    my $trans = XML::Compile::Transport::SOAPHTTP->new(address =>  $srv);
>>
>>    # Now configure the userAgent
>>    my $ua    = $trans->userAgent;
>>    ...
>>
>>    my $call  = $op->compileClient(transport =>  $trans);
>>    ...
>>
>> The L<LWP::UserAgent>  has many useful hooks (<i>Handlers</i>), for
>> instance C<request_send>  and C<response_done>.
> Indeed ... can't believe I've remained unaware of them for such a
> long time!
>
> Thanks for this fine library.
>
> Michael
>
> _______________________________________________
> Xml-compile mailing list
> Xml-compile at lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/xml-compile
>
>
Very nice!

This handy when you need to add headers based on the XML
in the message.  For example,  you might need to add a header whose
value is the hash of the XML together with some 'shared secret'.  This
would detect any modifications to the XML message, assuming of course
that your hash generation algorithm was 'strong', your shared secret was
secret, etc. etc.   The client side implementation of this is pretty simple
as shown by the examples above,  but the server side was a bit more complex.

By the way,  the 'trace' object allows you to get the response XML and 
headers
so that you can do the same type of checks on the response as well as 
the request.

-- 
Patrick Powell                 Astart Technologies
papowell at astart.com            1530 Jamacha Road, Suite X,
Network and System             San Diego, CA 92019
   Consulting                   858-874-6543
Web Site: www.astart.com

More information about the Xml-compile mailing list