Re: Authentication and Authorization for SOAP

You can pass the username and password as parameters in your request, like

my $result = SOAP::Lite
    -> uri('http://www.example.com/Protected')
    -> proxy('http://www.example.com/soap.cgi')
    -> fetchdata($name, $pass, @request)
    -> result;
[download]

And define the fetchdata method at server-side as smth like this (i didn't add SOAP-specific code, but it can be taken directly from SOAP::Lite docs):

package Protected;
sub fetchdata {
    my $pkg = shift;
    my $name = shift;
    my $pass = shift;
    #check the $name and $pass and process @request
    # or send an response indicating authentication error
}
[download]

I have no experience in Java, but as i can see, the code sample you showed seems to do the same thing, but sends only name and password.

Comment on Re: Authentication and Authorization for SOAP Select or Download Code

Replies are listed 'Best First'.
Re^2: Authentication and Authorization for SOAP by rob_au (Abbot) on Jul 14, 2006 at 17:32 UTC
Other options also include HTTP authentication (where HTTP serves as the transport for SOAP - See the SOAP::Lite cookbook at http://cookbook.soaplite.com/ for examples) and ticket-based authentication (see http://guide.soaplite.com/ or http://www.perl.com/pub/a/2001/04/24/soap.html). I have used this latter method previously in SOAP services that I have written. `perl -le "print unpack'N', pack'B32', '00000000000000000000001000000000'"`	[reply]
Re^2: Authentication and Authorization for SOAP by duckyd (Hermit) on Jul 14, 2006 at 20:37 UTC
A common practice is to pass authentication information in the SOAP headers. With SOAP::Lite, you can do this by creating SOAP::Header objects (just like SOAP::Data, but they'll be placed in the header): `my $headers = SOAP::Header ->name( 'LoginCredentials' ) ->value( [ SOAP::Header ->name('Username') ->value( $username ) , SOAP::Header ->name('Password') ->value( $password ) , ] ) ) ;` [download] The login credentials can then be passed along with any other arguments into whatever SOAP method is being called, and dealt with seperately.	[reply] [d/l]