Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Ok I'm stumped. How the heck does LWP::Authen::Wsse work?

by jaldhar (Vicar)
on Apr 29, 2011 at 03:18 UTC ( #901913=perlquestion: print w/ replies, xml ) Need Help??
jaldhar has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing a script that uses WWW::Mechanize. I need to do basic and WSSE UserToken authentication. The former is easy. For the latter I found LWP::Authen:Wsse on CPAN. WWW::Mechanize is a subclass of LWP::UserAgent so I should be able to use it right? Only, I can't figure out how. Here is some sample code:

#!/usr/bin/perl use warnings; use strict; use WWW::Mechanize; use LWP::Authen::Wsse; my $mech = WWW::Mechanize->new; $mech->credentials('username', 'password'); # some debug stuff. $mech->default_header('Accept-Encoding' => scalar HTTP::Message::decod +able()); $mech->add_handler("request_send", sub { shift->dump; return }); $mech->add_handler("response_done", sub { shift->dump; return }); $mech->get('http://localhost/');

Note that no method from LWP::Authen::Wsse is called in the script. That's because according to the modules' documentation:

The module is used indirectly through LWP, rather than including it directly in your code. The LWP system will invoke the WSSE authentication when it encounters the authentication scheme while attempting to retrieve a URL from a server.

I think this is where I'm going wrong. Is the server supposed to send a special header asking for WSSE authentication like it does for Basic Auth? Or does LWP::Auth::Wsse (which only has one method called authenticate) have to be injected into a WWW::Mechanize object somehow? I see that LWP::UserAgent in the request() method has a hook to call authenticate() but I can't seem to get from A to B. Help!

--
જલધર

Comment on Ok I'm stumped. How the heck does LWP::Authen::Wsse work?
Download Code
Re: Ok I'm stumped. How the heck does LWP::Authen::Wsse work?
by Anonymous Monk on Apr 29, 2011 at 03:57 UTC
    I think this is where I'm going wrong. Is the server supposed to send a special header asking for WSSE authentication like it does for Basic Auth?

    Yes

    Or does LWP::Auth::Wsse (which only has one method called authenticate) have to be injected into a WWW::Mechanize object somehow?

    No, it only has to live in the LWP::Authen:: namespace, be named ucfirst lc $authenschemename, and have a method called authenticate :) LWP::Authen::Wsse qualifies

    but I can't seem to get from A to B. Help!

    Its all about the headers sent and headers received, examine the headers, or show the headers :)

Re: Ok I'm stumped. How the heck does LWP::Authen::Wsse work?
by Khen1950fx (Canon) on Apr 29, 2011 at 04:32 UTC
    I was stumped at first glance too, but the main problem that I encountered was
    $mech->credentials('username', 'password');
    Using 'perlmonks.net', I rearranged it to fit the Wsse:
    $mech->credentials('perlmonks.net', '', 'username' 'password');
    That worked for me, and here's the script as I ran it:
    #!/usr/bin/perl use strict; use warnings; use WWW::Mechanize; use Data::Dumper::Concise; my $url = 'http://www.perlmonks.net/?node_id=109'; my $mech = WWW::Mechanize->new; $mech->credentials('perlmonks.net', '', 'username', 'password'); $mech->default_header('Accept-Encoding' => scalar HTTP::Message::decod +able()); $mech->add_handler("request_send", sub { shift->dump; return }); $mech->add_handler("response_done", sub { shift->dump; return }); print Dumper($mech->get($url));
      That worked for me, and here's the script as I ran it:

      Seeing how perlmonks doesn't use basic authentication or Wsse, why post nonsense like that?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://901913]
Approved by Tanktalus
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (6)
As of 2014-07-24 06:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (158 votes), past polls