
NuSOAP, HTTP Authentication and HTTP Proxy
NuSOAP and HTTP Authentication
I regularly receive emails from friends messing around with nusoap asking about various features of the library. Most doubts are about HTTP Authentication and HTTP Proxy. Here are my five cents to try and help.
If your webservice server requires http authentication don't worry, nusoap includes the method you need: "setCredentials". Here is an example of the simplest case:
$soapclient = new soapclient("http://myserver/mysoapservice.php");
$soapclient->setCredentials("user", "password");
I said "the simplest case" because "setCredentials" is much more complete than this. In this case we are supposing a "Basic Authentication Type" (the one that, when set on an http page, pops up a dialog asking for a user/password pair). We set the authentication type with the third parameter of setCredentials, which can be "basic", "digest" or "certificate"; since "basic" is the default, we've omitted it here. When we input our username and password, their "username:password" form gets base64 encoded and sent to the server as part of the headers. Basic Authentication Type sends the data in the clear (base64 is just a content transfer encoding scheme) and is therefore insecure. There are two more http authentication types we can rely on:
Digest Authentication Type
Certificate Authentication Type

On
you will find the following definition for Digest Access Authentication: "...... allowing user identity to be established securely without having to send a
over the network. Digest authentication is basically an application of
cryptographic hashing with usage of
values to prevent ." This type of authentication implies a sort of handshake between the server and the client, to make sure "curious" eyes are not grabbing our sensitive data.
You tell nusoap to use Digest Authentication by passing "digest" as the third parameter to "setCredentials" and, as the fourth parameter, an array containing the following keys:
"realm"
"nonce"
"nc"
"qop"
"realm" is the authentication realm; "nonce" stands for "number used once" and is a randomly generated value. Both values are retrieved from the server with a first call and are subsequently used for the real authentication process. Basically we do a simple "GET" request to the resource for which the digest authentication is required. We'll get back a 401 response from the server, something like this:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="digestedaccess", nonce="Ab32Hh49iueg78bdg563jsndjk",
    opaque="0000", stale=false, algorithm=MD5, qop="auth"
What we are interested in here are "realm", "nonce" and "qop" (quality of protection). We'll use them in the array we'll pass as the fourth parameter to "setCredentials". "nc" is a counter for how many times the nonce has been used.
The value "auth" for "qop" means authentication only (it can also be "auth-int", authentication and integrity). With the values we have, our method call will be:
$soapclient->setCredentials("user", "password", "digest",
    array(
        "realm" => "digestedaccess",
        "nonce" => "Ab32Hh49iueg78bdg563jsndjk",
        "nc"    => 0,
        "qop"   => "auth"
    )
);
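What a digest client does with those values, as an added example that is not part of the original article and is not nusoap's code: it follows RFC 2617 for qop=auth with MD5, written in Ruby so it runs stand-alone. The request method, URI path and cnonce are assumptions, and the NonceCounter class is a hypothetical server-side check showing why "nc" exists.

```ruby
require "digest/md5"

# Parse the parameters of a "WWW-Authenticate: Digest ..." header value
# (quoted or bare values) into a Hash.
def parse_digest_challenge(value)
  value.sub(/\ADigest\s+/i, "")
       .scan(/(\w+)=(?:"([^"]*)"|([^,\s]+))/)
       .to_h { |key, quoted, bare| [key, quoted || bare] }
end

def md5_join(*parts)
  Digest::MD5.hexdigest(parts.join(":"))
end

# RFC 2617 "response" value for qop=auth and algorithm=MD5.
# cnonce is a random value chosen by the client; nc is sent as 8 hex digits.
def digest_response(user:, password:, method:, uri:, challenge:, nc:, cnonce:)
  ha1 = md5_join(user, challenge["realm"], password) # password is only ever sent hashed
  ha2 = md5_join(method, uri)
  md5_join(ha1, challenge["nonce"], format("%08x", nc), cnonce, challenge["qop"], ha2)
end

# Server-side replay check: for a given nonce, nc must strictly increase.
class NonceCounter
  def initialize
    @last = Hash.new(0)
  end

  def fresh?(nonce, nc)
    return false unless nc > @last[nonce]
    @last[nonce] = nc
    true
  end
end

# The challenge from the 401 response shown above.
CHALLENGE = parse_digest_challenge(
  'Digest realm="digestedaccess", nonce="Ab32Hh49iueg78bdg563jsndjk", ' \
  'opaque="0000", stale=false, algorithm=MD5, qop="auth"'
)

# Assumed request: POST to /mysoapservice.php with a constructed cnonce.
RESPONSE = digest_response(user: "user", password: "password", method: "POST",
                           uri: "/mysoapservice.php", challenge: CHALLENGE,
                           nc: 1, cnonce: "0a4f113b")
```

A captured request cannot be replayed against a server that tracks "nc" per nonce, because the second use of the same counter value is rejected.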
The digest authentication type is far more secure than the "basic" one, as sensitive data are combined with server-generated values and hashed with md5. md5 is a "one-way" hashing algorithm, making it difficult to retrieve clear data from the hashed result. Even more secure is the third authentication method: the Certificate Authentication Type. This implies using an ssl client certificate recognized by the server. To fully understand this, we'll need to explain the basics of the "Public Key Infrastructure", which is out of the scope of this article. You can find extensive information about it on
If you want to use this authentication method with nusoap, you need to set "certificate" as the third parameter for "setCredentials", and as the fifth parameter an array with at least the following keys:
"sslcertfile", the ssl certificate file (.pem)
"sslkeyfile", the ssl key file (.pem) of the above certificate
"passphrase", the password/passphrase for the above certificate key
"cainfofile" (optional), the Certification Authority certificate file (.pem)
NuSOAP and HTTP Proxy
This is something I've been asked about a lot of times and honestly don't know why, as long as nusoap includes a simple and self-documented method for this: setHTTPProxy. Here is a simple example:
$soapclient->setHTTPProxy("http://proxyhost", 8080, "proxy_user", "proxy_password");
The second parameter is obviously the proxy port. That's all.
Until next time.
About the Rails login and authentication plugins http_authentication and restful-authentication - 夜鸣猪's Ruby On Rails space - ITeye tech site
A very popular plugin
Fairly lightweight
Examples follow:
Simple Basic example:
class PostsController < ApplicationController
  USER_NAME, PASSWORD = "dhh", "secret"
  before_filter :authenticate, :except => [ :index ]
  def index
    render :text => "Everyone can see me!"
  end
  def edit
    render :text => "I'm only accessible if you know the password"
  end
  private
    def authenticate
      authenticate_or_request_with_http_basic do |user_name, password|
        user_name == USER_NAME && password == PASSWORD
      end
    end
end
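What the server receives in the Basic example above, and a comparison that does not leak through timing how much of a guess was right. This is an added example, not code from the plugin or from the original post; the helper names are hypothetical and the header is constructed from the example's "dhh"/"secret" pair.

```ruby
require "digest"

# Decode an "Authorization: Basic ..." header value into [user, password].
# Base64 is only an encoding, so anyone who sees the header can do the same.
# Returns nil for another scheme or malformed input.
def decode_basic(header)
  scheme, token = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && token
  user, password = token.strip.unpack1("m0").split(":", 2)
  password ? [user, password] : nil
rescue ArgumentError # raised by unpack1("m0") on invalid base64
  nil
end

# Constant-time comparison. Hashing first gives both sides the same length,
# and every byte is examined whether or not an earlier one differed.
def secure_compare(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |diff, (p, q)| diff | (p ^ q) }.zero?
end

def authorized?(header, expected_user, expected_password)
  user, password = decode_basic(header)
  return false unless user
  # Non-short-circuit "&": a wrong user name costs the same as a wrong password.
  secure_compare(user, expected_user) & secure_compare(password, expected_password)
end

# Constructed sample header for the example's credentials.
SAMPLE_HEADER = "Basic " + ["dhh:secret"].pack("m0")
```

The plain `==` in the controller above returns as soon as the first differing byte is found, which is the behaviour the comparison here avoids.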
# Here is a more advanced Basic example where only Atom feeds and the XML API are
# protected by HTTP authentication,
# the regular HTML interface is protected by a session approach (NOTE: This example requires Rails Edge as
# it uses Request#format, which is not available in Rails 1.2.0):
class ApplicationController < ActionController::Base
  before_filter :set_account, :authenticate
  protected
    def set_account
      @account = Account.find_by_url_name(request.subdomains.first)
    end
    def authenticate
      case request.format
      when Mime::XML, Mime::ATOM
        if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) }
          @current_user = user
        else
          request_http_basic_authentication
        end
      else
        if session_authenticated?
          @current_user = @account.users.find(session[:authenticated][:user_id])
        else
          redirect_to(login_url) and return false
        end
      end
    end
end
# In your integration tests, you can do something like this:
def test_access_granted_from_xml
  get(
    "/notes/1.xml", nil,
    :authorization => HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
  )
  assert_equal 200, status
end
Usage example:
class UserSession < Authlogic::Session::Base
  # specify configuration here, such as:
  # logout_on_timeout true
  # ...many more options in the documentation
end
class UserSessionsController < ApplicationController
  def new
    @user_session = UserSession.new
  end
  def create
    @user_session = UserSession.new(params[:user_session])
    if @user_session.save
      redirect_to account_url
    else
      render :action => :new
    end
  end
  def destroy
    current_user_session.destroy
    redirect_to new_user_session_url
  end
end
# As you can see, this fits nicely into the RESTful development pattern. What about the view…
<% form_for @user_session do |f| %>
  <%= f.error_messages %>
  <%= f.label :login %><br />
  <%= f.text_field :login %><br />
  <%= f.label :password %><br />
  <%= f.password_field :password %><br />
  <%= f.submit "Login" %>
<% end %>
# Or how about persisting the session…
class ApplicationController
  helper_method :current_user_session, :current_user
  private
    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
    end
    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.user
    end
end
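When downloading the Android SDK I get a "Site Authentication" prompt. I then registered two accounts on that Moto site, so why does neither of them work?
Answer accepted by the asker
You need to keep clicking Next; after that you don't need to do anything else on the Moto site. Once registration is complete, when the login prompt pops up while the SDK is running, just type in the account and password you just registered, and it's OK.
Asker's comment
The problem is solved. I solved it myself, haha.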