search

troelskn / handsoap

Handsoap is a library for creating SOAP clients in Ruby
http://github.com/unwire/handsoap
151 stars 2 forks source link

HTTP authentication support? #10

Closed wvanbergen closed 15 years ago

wvanbergen commented 15 years ago

I needed to use HTTP authentication for the SOAP service I was consuming. I forked the project to implement this, however I found out that it is actually possible already using on_after_create_http_client hook:

def on_after_create_http_client(http_client) 
 http_client.userpwd = "#{self.class.username}:#{self.class.password}"
end

This probably only works with curb; I haven't tested it with httpclient. Maybe this can be added as a feature to handsoap with a nicer API than the example above. Otherwise, this code snippet could be added to the documentation.

troelskn commented 15 years ago

Yes, I actually have meant to document that for a while now, but I can't figure out where to put it in the documentation. Perhaps using the wiki would make sense here, as there are different ways to do authentication over soap.

In theory, I agree on your suggestion about abstracting the difference between curb and httpclient out, but it can quickly become rather complicated. For now, I have just accepted the lack of portability in return for less complex code. Not an overly consistent choice, I know ...

FWIW, I think the following variation is portable:

def on_after_create_http_client(http_client)
 # beware the missing chomp, it will make you cry....
 auth = Base64.encode64("#{username}:#{password}").chomp
 http_client.headers['Authorization'] = "Basic #{auth}"
end
wvanbergen commented 15 years ago

Personally, I prefer using the Github project's wiki. For this issue, I would probably have added my code example to it myself :-)

troelskn commented 15 years ago

I've enabled the wiki and started a page on authentication: http://wiki.github.com/troelskn/handsoap/authentication

troelskn commented 15 years ago

I have now released 0.5.0, which puts the http interaction in a separate driver layer. This gives you much better control over the interaction. At present, I haven't exposed method for dealing with SSL certificates, but it's just a matter of adding them in. Note that this changes the API so code which used on_after_create_http_client pre 0.5.0 will have to be rewritten.