in reply to SOAP::Lite - securest authentication route...

I'd like to extend that security model in a way to control access to the methods of the SOAP-Server based on either (lets say) userid, hostname or even a kerberos ticket.

I did a bit UTSL in SOAP::Lite and so far I was not able to determine a point in the code to place this extension. One idea would be to overload the "dispatch_to" method of SOAP::Lite.

What do you think, is it worth the effort?

Rgds,
Gnork

cat /dev/world | perl -e "(/(^.*? \?) 42\!/) && (print $1))"
errors->(c)
  • Comment on Re: SOAP::Lite - securest authentication route...

Replies are listed 'Best First'.
Re:^ SOAP::Lite - securest authentication route...
by cLive ;-) (Prior) on Apr 20, 2004 at 14:10 UTC
    I have a feeling that grabbing the Apache request before it hits the SOAP stuff through a PerlHandler) would be the easiest way of doing that. Although that's not how I'm currently approaching it :)

    I was going to add a 'LocalAuth' module (or similar) that would be run at the beginning of a method call, something along the lines of: 

    if ($auth->can('set credit card')) {
    proceed();
}

    [download]

    as the final lock down at the application level, where individual methods are listed in a DB along with identifying group(s) of hosts allowed to run them (then do a group look up to see which group the particular host belongs to.

    I'm still in flux over all this, but having great fun experimenting :) Perhaps you'd care to expand on your ideas...

    cLive ;-)

[reply]
[d/l]
      The DB solution is exactly what I have in mind. The "$auth->can" call in the method call is one solution I thought about.
      Since this requires an additional call in the method code, I would opt for an inherited method or an additional module in SOAP::Lite, that does this work.

      Gnork

      cat /dev/world | perl -e "(/(^.*? \?) 42\!/) && (print $1))"
      errors->(c)
[reply]

In Section Seekers of Perl Wisdom