Hi again.
Now I am extracting de security data as follows (really easy!):
...
ns_wsse = "
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
class UsernameTokenType(ClassModel):
__namespace__ = ns_wsse
Username = String
Password = String
Nonce = String
class Security(ClassModel):
__namespace__ = ns_wsse
UsernameToken = UsernameTokenType
class HelloWorldService(DefinitionBase):
__in_header__ = Security
def on_method_call(self, method_name, py_params, soap_params):
# I can't access self.in_header here!
pass
@soap(String, Integer, _returns=Array(String))
def say_hello(self, name, times):
# We have access to self.in_header here.
results = []
for i in range(0, times):
results.append('Hello, %s' % name)
return results
To implement a service wide authentication procedure, I would have to
implement it as decorator, as the method "on_method_call" has no access to
"in_header".
Any other suggestions?
Regards.
Erny
2011/5/27 Chris Austin <[email protected]>
> On Thu, May 26, 2011 at 5:16 PM, Ernesto Revilla Derksen
> <[email protected]> wrote:
> > Hi.
> > First of all, you're doing a great work with soaplib!!!
> > I was just running the debugger to see how soaplibs treats the headers.
> > In soaplib/core/_base.py:decompose_incoming_envelope (near line 335), we
> get
> > the header & body parsed. Fine!
> > But just below, there is no self.validateHeader or self.checkHeader. So
> the
> > body is validated before (!) any headers can be validades. Could there be
> a
> > hook?
> > In method deserialize_soap (lines 406-417):
> > # decode header object
> > if (ctx.in_header_xml is not None and
> > len(ctx.in_header_xml) > 0 and
> > header_class is not None):
> > ctx.service.in_header =
> > header_class.from_xml(ctx.in_header_xml)
> >
> > how do IN-wrappers supposed to work? could you give an example?
>
> Sure, this is taken from the test at
>
> https://github.com/soaplib/soaplib/blob/master/src/soaplib/core/test/interop/server/_service.py
>
> You can define your headers as follows.
>
> class InHeader(ClassModel):
> s=String
> i=Integer
>
> class OutHeader(ClassModel):
> dt=DateTime
> f=Float
>
> Now, you can write a service that references your headers and, you
> can get access to the headers in your web methods as echo_in_header()
> and send_out_header() do below.
>
> class InteropServiceWithHeader(service.DefinitionBase):
> __in_header__ = InHeader
> __out_header__ = OutHeader
>
> @soap(_returns=InHeader)
> def echo_in_header(self):
> return self.in_header
>
> @soap(_returns=OutHeader)
> def send_out_header(self):
> self.out_header = OutHeader()
> self.out_header.dt = datetime(year=2000, month=01, day=01)
> self.out_header.f = 3.141592653
>
> return self.out_header
>
>
> Now, you can work with the headers in you client following something
> similar to the following example which is also take from an interop
> test found at :
> https://github.com/soaplib/soaplib/blob/master/src/soaplib/core/test/interop/test_suds.py
>
> So, you can treat headers just like any other datatype exposed by the
> service.
>
> def test_echo_in_header(self):
> in_header = self.client.factory.create('InHeader')
> in_header.s = 'a'
> in_header.i = 3
>
> self.client.set_options(soapheaders=in_header)
> ret = self.client.service.echo_in_header()
> self.client.set_options(soapheaders=None)
>
> print ret
>
> self.assertEquals(in_header.s, ret.s)
> self.assertEquals(in_header.i, ret.i)
>
> def test_send_out_header(self):
> out_header = self.client.factory.create('OutHeader')
> out_header.dt = datetime(year=2000, month=01, day=01)
> out_header.f = 3.141592653
>
> ret = self.client.service.send_out_header()
>
> self.assertTrue(isinstance(ret,type(out_header)))
> self.assertEquals(ret.dt, out_header.dt)
> self.assertEquals(ret.f, out_header.f)
>
>
> I hope this helps.
>
> > In process_request (line 436):
> > ctx.service.on_method_call(ctx.method_name,req_obj,ctx.in_body_xml)
> > the header is NOT sent to the service hook
> > As I can see (and sure that I'm wrong), I have the following alternatives
> of
> > processing SOAP headers:
> > - using IN-wrappers:
> > - override Application object customizing one of:
> > - deserialize_soap (says: not meant to be override!)
> > - decompose_incoming_envelope
> > - process_request (says: not meant to be override!)
> > Where would be the best place to implement header checking? (e.g.
> security=
> > Thanks in advance.
> > Best regards.
> > Erny
> > Spain
> > Ernesto Revilla
> > Yaco Sistemas
> > +34 954 500 057
> >
> > _______________________________________________
> > Soap mailing list
> > [email protected]
> > http://mail.python.org/mailman/listinfo/soap
> >
> >
>
_______________________________________________
Soap mailing list
[email protected]
http://mail.python.org/mailman/listinfo/soap
