SOAP+HTTPS with Authentication required

484 views
Skip to first unread message

dan

unread,
Aug 17, 2004, 6:07:26 AM8/17/04
to soa...@googlegroups.com
Hi,

I'm writing a soap client that must connect to a https soap server.
My problem is that the server requires Authentication with a username
and a password.

Up to now, I have this:

class abcAPI < SOAP::RPC::Driver

......

DefaultEndpointUrl = "https://www.abc.com:443/soap/"

def initialize(endpoint_url = nil)
endpoint_url ||= DefaultEndpointUrl
super(endpoint_url, nil)
self.mapping_registry = MappingRegistry
init_methods
end

....

But I don't know how to setup the username and password to login at
https://www.abc.com:443/soap/
Thanks,

dan...

ps: www.abc.com is a fictif domain.

NAKAMURA, Hiroshi

unread,
Aug 17, 2004, 7:32:12 AM8/17/04
to soa...@googlegroups.com
Hi,

On Tue, 17 Aug 2004 03:07:26 -0700, dan <d...@ubit.com> wrote:
> I'm writing a soap client that must connect to a https soap server.
> My problem is that the server requires Authentication with a username
> and a password.

Do you know what kind of username/password authentication method you must use?

I suppose...

1. BasicAuth: username/password in HTTP(s) header

2. (Somewhat) common SOAPHeader based authentication:
username/password in SOAPHeader element. I once heard about a
SOAPHeader based authentication which is defined as an URI of
http://soap-authentication.org/basic/2001/10/.

3. Service specific authentication: username/password in SOAPBody
element as method parameter.

Regards,
// NaHi

dan

unread,
Aug 18, 2004, 2:40:52 AM8/18/04
to soa...@googlegroups.com
1. BasicAuth: username/password in HTTP(s) header

It's the kind of Auth that should make your browser popup a dialog to
ask you for a username and password.

Anyway, here the backtrace that I get:

/usr/local/lib/ruby/1.8/soap/streamHandler.rb:206:in `send_post': 401:
Authorization Required (SOAP::HTTPStreamError)
from /usr/local/lib/ruby/1.8/soap/streamHandler.rb:100:in `send'
from /usr/local/lib/ruby/1.8/soap/rpc/proxy.rb:95:in `invoke'
from /usr/local/lib/ruby/1.8/soap/rpc/proxy.rb:108:in `call'
from /usr/local/lib/ruby/1.8/soap/rpc/driver.rb:190:in `call'
.....

Thanks,

dan...

NAKAMURA, Hiroshi

unread,
Aug 18, 2004, 6:14:13 AM8/18/04
to soa...@googlegroups.com
Hi,

On Tue, 17 Aug 2004 23:40:52 -0700, dan <d...@ubit.com> wrote:
> 1. BasicAuth: username/password in HTTP(s) header
>
> It's the kind of Auth that should make your browser popup a dialog to
> ask you for a username and password.

OK. Then,

anAbcAPI = AbcAPI.new(...)
relm = "https://www.abc.com:443/soap/"
username = "foo"
password = "bar"
anAbcAPI.options["protocol.http.basic_auth"] << [relm, username, password]

should work. But I've not yet tested this feature under HTTPS
environment. Please tell me if it doesn't work.

Test case "test_basic_auth" in test/soap/test_streamhandler.rb only
tests it under HTTP environment. I'll try to add more test.

Regards,
// NaHi

dan

unread,
Aug 18, 2004, 7:24:16 AM8/18/04
to soa...@googlegroups.com
Hi,

Unfortunatly, it's doesn't work. Now I have:

class abcAPI < SOAP::RPC::Driver
......
DefaultEndpointUrl = "https://www.abc.com:443/soap/"

Username = "aaaa"
Password = "bbbb"

def initialize(endpoint_url = nil)
endpoint_url ||= DefaultEndpointUrl
super(endpoint_url, nil)
self.mapping_registry = MappingRegistry

options["protocol.http.basic_auth"] << [endpoint_url, Username,
Password]
init_methods
end

....
end

But I still get the same error message.
If I look into the wiredump_dev output. The username and password
are not used. I also tried:

options["protocol.https.basic_auth"] << [endpoint_url, Username,
Password]

with https, but same result.

Any Idea?

dan...

NAKAMURA, Hiroshi

unread,
Aug 18, 2004, 8:41:08 AM8/18/04
to soa...@googlegroups.com
Hi,

On Wed, 18 Aug 2004 04:24:16 -0700, dan <d...@ubit.com> wrote:
> Unfortunatly, it's doesn't work. Now I have:

Hmm. What version of soap module and http-access2 module are you
using? (Sorry, I should ask this at first).

And, would you please show me the result of running your client with
ruby -d ? And wiredump, too if you don't mind.

I cannot reproduce the error under HTTP environment. It might be a
soap4r/http-access2 bug under HTTPS environment. I'm trying to write
testcase for HTTPS env...

Regards,
// NaHi

dan

unread,
Aug 18, 2004, 9:13:45 AM8/18/04
to soa...@googlegroups.com
Hi,

I'm using Ruby 1.8.1 and I downloaded soap4r 1.5.2 from your site.
I didn't not install http-access2 as I though soap4r would use the
Net::HTTP libs that Ruby provides.

I will download the latest http-access2 and try again. I can I instruct
soap4r to use http-access2 lib and not the Net::HTTP lib?

For the wiredump, please send me an email directly. I don't want to
leave the real dump on this site.

Thanks,

dan...

NAKAMURA, Hiroshi

unread,
Aug 18, 2004, 9:31:48 AM8/18/04
to soa...@googlegroups.com
Hi,

On Wed, 18 Aug 2004 06:13:45 -0700, dan <d...@ubit.com> wrote:
> I'm using Ruby 1.8.1 and I downloaded soap4r 1.5.2 from your site.
> I didn't not install http-access2 as I though soap4r would use the
> Net::HTTP libs that Ruby provides.

Oops. I'm very sorry about it. For now, soap4r + net/http does not
support basic_auth. Soap4r's net/http wrapper must dump about it...

> I will download the latest http-access2 and try again. I can I instruct
> soap4r to use http-access2 lib and not the Net::HTTP lib?

After installing http-access2, soap4r detects http-access2 and use it
instead of net/http. Just install http-access2 and you don't have to
do anything more.

> For the wiredump, please send me an email directly. I don't want to
> leave the real dump on this site.

Definitely. My private e-mail address is naka...@sarion.co.jp. If
you still have the same problem after installing http-access2, please
send it to me directly. I have GPG key on public pgp key server
(naka...@sarion.co.jp) so you can use pgp key to encrypt your message
to me if you want.

Regards,
// NaHi

dan

unread,
Aug 24, 2004, 4:54:20 AM8/24/04
to soa...@googlegroups.com
Hi,

I installed http-access2 and now it's blocking on the certificate
verification.

How can I say to http-access2 to not verify the certificate?
(....ssl_config.verify_mode = 0)
How do I access the ssl_config object?


Current back trace:
! CONNECTION ESTABLISHED
at depth 0 - 18: self signed certificate
! CONNECTION CLOSED
/usr/local/lib/ruby/site_ruby/1.8/http-access2.rb:939:in `connect':
certificate verify failed (OpenSSL::SSL::SSLError)
from /usr/local/lib/ruby/site_ruby/1.8/http-access2.rb:939:in
`ssl_connect'
from /usr/local/lib/ruby/site_ruby/1.8/http-access2.rb:1258:in
`connect'
from /usr/local/lib/ruby/site_ruby/1.8/http-access2.rb:1251:in
`timeout'
from /usr/local/lib/ruby/1.8/timeout.rb:55:in `timeout'
...

Thanks,
dan...

NAKAMURA, Hiroshi

unread,
Aug 24, 2004, 5:25:02 AM8/24/04
to soa...@googlegroups.com
Hi,

On Tue, 24 Aug 2004 01:54:20 -0700, dan <d...@ubit.com> wrote:
> I installed http-access2 and now it's blocking on the certificate
> verification.
>
> How can I say to http-access2 to not verify the certificate?
> (....ssl_config.verify_mode = 0)

Recent soap4r tarball includes SSL sample. Get the latest soap4r
package from http://rrr.jin.gr.jp/download/ and check
soap4r/sample/soap/ssl/* and soap4r/test/soap/ssl/*.

Here's a SSL client which does not verify server.

require 'http-access2'
require 'soap/rpc/driver'
client = SOAP::RPC::Driver.new("https://localhost:17443/",
'urn:sslhelloworld')
client.add_method("hello_world", "from")
client.options["protocol.http.ssl_config.verify_mode"] = nil
p client.hello_world("NaHi")

> How do I access the ssl_config object?

Through aDriver#options hash as above.

This feature (SSL support) is added after ruby/1.8.1 release. You
must get the latest soap4r package from http://rrr.jin.gr.jp/download/
as I said above. Instead of using this development version, you can
also use ruby-1.8.2 previews
(ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-preview2.tar.gz).
Above sample should run fine with ruby-1.8.2 preview2. Sorry for the
inconvenience.

Regards,
// NaHi
Reply all
Reply to author
Forward
0 new messages