comment on

I was going to point you to the security link, but tilly beat me to it. When you say that your $object is just a simple blessed hash, well, isn't that what all Perl objects are, simple blessed thingies? You aren't trying to pass the database handle back inside your SOAP object, are you?

Here an example that uses mod_soap, if you are not using mod_soap then i recommend you take a look at it. First, my Apache http.conf directive to make mod_soap autodispatch:

<Location /mod_soap>
   SetHandler perl-script
   PerlHandler Apache::SOAP
   PerlSetVar dispatch_to "/usr/local/apache/lib/soap"
</Location>
[download]

Next, the dispatch object code - Factory.pm:

package Factory;

use strict;
use DBI;

my $dbh = DBI->connect(
   qw(DBI:vendor:database:host user pass),
   { RaiseError => 1}
);

sub instantiate { 
   my ($self,$package,$id) = @_; 

   my $sth = $dbh->selectall_arrayref('
      select title,artist,year
      from songs
      where id = ?
   ',undef,$id)->[0];

   my $obj = eval { $package->new($id,@$sth) };
   return $@ ? undef : $obj;
}

package My::User;

use strict;

sub new {
   my ($class,$id,$title,$artist,$year) = @_;
   my $self = {
      id     => $id,
      title  => $title,
      artist => $artist,
      year   => $year,
   };
   return bless $self,$class;
}

# this will be discussed later ...
sub foo { 'foo' }

1;
[download]

And finally, the client:

use strict;

use SOAP::Lite;
use Data::Dumper;

my $soap = SOAP::Lite
   ->uri("http://127.0.0.1/Factory")
   ->proxy("http://127.0.0.1/mod_soap");

my $object = $soap->instantiate('My::User','5')->result;

print Dumper $object;
[download]

When run, the following is printing:

$VAR1 = bless( {
                 'artist' => 'Van Halen',
                 'title' => 'You Really Got Me',
                 'id' => '5',
                 'year' => '1978'
               }, 'My::User' );
[download]

The idea is to just return data - not code. SOAP is insecure enough already. As a matter of fact, if you try to return a DBI handle, you get back a nice fat undefined value.

SOAP really helped me to understand more about Perl OO, especially the fact that an object DOES NOT carry its methods with it - instead, the interpreter knows which package the object is blessed and is able to find the method in question because you use'ed or require'ed the package.

To see what i mean, call the foo method from package My::User inside your SOAP client ...

my $object = $soap->instantiate('My::User','5')->result;
print $object->foo();

# yields:  
Can't locate object method "foo" via package "My::User" at ./instantia
+te.pl line 23.
[download]

Pass data - not code, that's what COM and DCOM do (pass code and/or data). Hope this helps, and feel free to ask more. ;)

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
F--F--F--F--F--F--F--F--
(the triplet paradiddle)

In reply to (jeffa) Re: SOAP::Lite dispatch routine by jeffa
in thread SOAP::Lite dispatch routine by gildir

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.