Savon vs. Handsoap: Authentication

This documentation is deprecated, please have a look at savonrb.com!

The libraries provide support for multiple authentication protocols. While Handsoap’s authentication support is more low level, Savon provides an API for that task.

WSSE authentication

As you might expect, the Handsoap way for this aspect is to implement a callback method for the document creation. Using Savon you can attach your credentials on a WSSE object inside your request block. Compare the two implementations:

def on_create_document(doc)
  doc.alias 's', "http://docs...xsd"
  header = doc.find("Header")
  header.add "s:Security" do |s|
    s.set_attr "env:mustUnderstand", "0"
    s.add "s:Username", @@username
    [...]
  end
end
response = client.get_bank do |soap, wsse|
  wsse.username = @@username
  [...]
end

HTTP authentication

The same approach is used by Handsoap to offer HTTP authentication:

def on_after_create_http_request(http_request)
  http_request.set_auth @@username, @@password
end

Savon provides support for this feature just yet (since 0.7.0):

client.request.basic_auth "username", "password"

SSL support

At the time of writing only Savon supports SSL authentication directly. This is achieved by passing a configuration hash to the Savon::Client:

client = Savon::Client.new "some_wsdl"
client.request.http.ssl_client_auth(
  :cert => OpenSSL::X509::Certificate.new(File.read("client_cert.pem")),
  :key => OpenSSL::PKey::RSA.new(File.read("client_key.pem"), "password if one exists"),
  :ca_file => "cacert.pem",
  :verify_mode => OpenSSL::SSL::VERIFY_PEER
)

While the Handsoap documentation states that support for SSL is not yet implemented, there might be a chance to enable it through the use of the preconfigured http driver.

Published by

phoet

I am a professional Software Developer from Hamburg, Germany.

2 thoughts on “Savon vs. Handsoap: Authentication”

  1. Note that this example is not valid:

    client.request.basic_auth “username”, “password”

    It results in the error Savon::Client#request requires at least one argument (ArgumentError)

    You should do this for Savon’s http authentication:

    client = Savon.client("http://path.to.my/service.wsdl") do
        http.auth.basic "user", "password"
    end
    

    I found the fix and posted the answer on stackoverflow:

    http://stackoverflow.com/questions/9225090/sharepoint-upload-files-by-ruby

Comments are closed.