SOAP::Lite proxied

[Ian Wilson]

I have a SOAP client using SOAP::Lite whose only access to a SOAP
service is through an HTTP Proxy.

On one Unix system the client will use the proxy if the environment
variable HTTP_proxy is set. It will authenticate to the proxy if the
environment variables HTTP_proxy_use and HTTP_proxy_pass are set.

On another Unix system, setting the environment variables seems to have
no effect. Same operating system, same versions of Perl (5.8.0) and
SOAP::Lite ($Id 1.47 in Lite.pm).

I'm using +trace but can't see why the environment variables are not
used. Any ideas?


With LWP::UserAgent, you can also do things like
$ua->proxy('http'=>'http://proxy.server:8080');
$request->proxy_authorization_basic('fred', 'secret');
Is there any way to do something equivalent using SOAP::Lite?

 

[skye.shaw]

Gee, I cant belive someone hasnt given you the "plese post to the
proper newsgroup" diatribe that never seems to get old here. Anyways,
how and where are U "setting the environment" vars? This goes 4 both
systems.

 

[A. Sinan Unur]

With LWP::UserAgent, you can also do things like
$ua->proxy('http'=>'http://proxy.server:8080');
$request->proxy_authorization_basic('fred', 'secret');
Is there any way to do something equivalent using SOAP::Lite?

Are you asking us to look up documentation for you?

http://search.cpan.org/~byrne/SOAP-Lite-0.60a/lib/SOAP/Lite.pm

<blockquote>
In addition to endpoint parameter, proxy() can accept any transport
specific parameters that could be passed as name => value pairs. For
example, to specify proxy settings for HTTP protocol you may do:

$soap->proxy('http://endpoint.server/',
proxy => ['http' => 'http://my.proxy.server/']);
</blockquote>

Now, I have never tried this, and I don't know if it works, but I would
have expected you to at least attempt it yourself, and provide a minimal
but complete script that still exhibits the problem.

Please read the posting guidelines for this group to learn how you can
help yourself and help others help you.

Sinan

 

[Tad McClellan]

Gee, I cant belive someone hasnt given you the "plese post to the
proper newsgroup" diatribe that never seems to get old here.

Gee, I can believe that I've found yet another GF[1] to killfile!



[1] The G is for Google.

 

[Ian Wilson]

Gee, I cant belive someone hasnt given you the "plese post to the
proper newsgroup" diatribe that never seems to get old here. Anyways,
how and where are U "setting the environment" vars? This goes 4 both
systems.

Korn shell:
export HTTP_proxy=http://proxy.example.com \
HTTP_proxy_user=foo \
HTTP_proxy_pass=bar

C shell:
setenv HTTP_proxy http://proxy.example.com
setenv HTTP_proxy_user foo
setenv HTTP_proxy_user bar

In my perl SOAP client I check this using something like:
#!/usr/bin/perl
use strict;
use warnings;
print "HTTP_proxy is '$ENV{HTTP_proxy}'\n";
which prints the expected results.

My question wasn't about how to set environment variables. But thanks
for taking the trouble to reply.

 

[Ian Wilson]

Are you asking us to look up documentation for you?

Certainly not! My apologies for not stating that I had already read that
document.

http://search.cpan.org/~byrne/SOAP-Lite-0.60a/lib/SOAP/Lite.pm

<blockquote> In addition to endpoint parameter, proxy() can accept
any transport specific parameters that could be passed as name =>
value pairs. For example, to specify proxy settings for HTTP protocol
you may do:

$soap->proxy('http://endpoint.server/', proxy => ['http' =>
'http://my.proxy.server/']); </blockquote>

I hadn't found anywhere in that document where it explains how to set
the credentials required by the proxy for authorization - i.e. a user-ID
and password (for the HTTP proxy, not the endpoint).

There are however some clues in the soaplite cookbook, I have tried all
of these. I will follow-up with some sanitized code later.

I have tried, for example:
$soap->proxy('http://user:[email protected]/',
proxy => ['http' => 'http://my.proxy.server/']);
and
$soap->proxy('http://endpoint.server/',
proxy => ['http' => 'http://user:[email protected]/']);

The former is suggested in the cookbook. It seems like it should
authenticate to the endpoint not to the HTTP proxy so I tried the latter
variant as well.

Now, I have never tried this, and I don't know if it works, but I
would have expected you to at least attempt it yourself,

You are right to expect this and I have indeed tried a half dozen
variants of this, I should have said so (I worry that long posts tend to
make people's eyes glaze over)

I also checked what is happening with "use SOAP::Lite +trace;"
concurrently with a "tail -f /var/log/squid/access.log" at the HTTP
proxy server. I have used wget and a perl script using LWP::Useragent to
check the proxy and endpoint logging, use of environment variables,
explicit setting of credentials, etc. This would be a lot to post so
instead I'll construct a minimal example that readers could run.

and provide a minimal but complete script that still exhibits the
problem.

Will do, once I have found (or created) a public SOAP endpoint that I
can use for this purpose.

 

[Ian Wilson]

I would have expected you to ... provide a minimal but complete
script that still exhibits the problem.

As should have been evident from my original post. I have code that
retrieves the correct result on one computer but not when run on another
computer (both same flavour of Unix) - so I'd not expect to find a fatal
error in the Perl scripts below.

On computer-A, with proxy-A, the clients return
...
"37.5 C = 99.5 F"

On computer-B, with proxy-B, the clients fail:
...
"407 Proxy Authentication Required"


client1 - relies on (undocumented?) environment variables
Korn shell:
export HTTP_proxy=http://proxy.example.com \
HTTP_proxy_user=Dirk \
HTTP_proxy_pass=foo
../soaptempclient1.pl
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
#!/usr/bin/perl -w
use strict;
use warnings;
use SOAP::Lite;

my $c = shift @ARGV;
$c = 37.5 unless $c;

foreach (qw(HTTP_proxy HTTP_proxy_user HTTP_proxy_pass)) {
print "$_='$ENV{$_}'\n" unless not defined $ENV{$_};
}

print
"$c C = ",
SOAP::Lite
-> uri('http://www.example.org/Temperatures')
-> proxy ('http://www.example.org/cgi-bin/soaptemp.pl')
-> c2f($c)
-> result,
" F\n";
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

client2 explicitly sets credentials using an approach that is not
explicitly documented anywhere I have found so far. Note that the user
and password for the HTTP proxy are "Dirk" and "foo" respectively. The
SOAP endpoint does not require authentication.
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
#!/usr/bin/perl -w
use strict;
use warnings;
use SOAP::Lite;

my $c = shift @ARGV;
$c = 37.5 unless $c;

foreach (qw(HTTP_proxy HTTP_proxy_user HTTP_proxy_pass)) {
print "$_='$ENV{$_}'\n" unless not defined $ENV{$_};
}

print
"$c C = ",
SOAP::Lite
-> uri('http://www.example.org/Temperatures')
-> proxy ('http://www.example.org/cgi-bin/soaptemp.pl',
proxy => ['http' => 'http://Dirk:[email protected]:8080'])
-> c2f($c)
-> result,
" F\n";
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

server script soaptemp.pl
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
#!/usr/bin/perl -w

use SOAP::Transport::HTTP;

SOAP::Transport::HTTP::CGI
-> dispatch_to('Temperatures')
-> handle;

package Temperatures;

sub f2c {
my ($class, $f) = @_;
return 5/9*($f-32);
}

sub c2f {
my ($class, $c) = @_;
return 32+$c*9/5;
}
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

For proxy-A, I use Squid. In squid.conf I added
authenticate_program /usr/local/bin/squidauth.pl
acl authentic proxy_auth REQUIRED
http_access allow authentic
http_access deny all
proxy_auth_realm Ians Proxy

squidauth.pl (verbatim from squid docs) is
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
#!/usr/bin/perl -w
$|=1; # no buffering, important!
while (<>) {
chop;
($u,$p) = split;
$ans = &check($u,$p);
print "$ans\n";
}

sub check {
local($u,$p) = @_;
return 'ERR' unless (defined $p && defined $u);
return 'OK' if ('Dirk' eq $u);
return 'OK' if ('Sekrit' eq $p);
return 'ERR';
}
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

I'll have to get the proxy-B administrator to check that it accepts
basic authentication (as opposed to NTLM, Digest or others only)

In my view, HTTP-proxy authentication *could* be better documented in
the SOAP::Lite docs. YMMV.

 

[A. Sinan Unur]

Certainly not! My apologies for not stating that I had already read
that document.

OK, sorry about that. So many people do post without looking that if it
is not explicitly stated, I tend to assume they haven't/

http://search.cpan.org/~byrne/SOAP-Lite-0.60a/lib/SOAP/Lite.pm

<blockquote> In addition to endpoint parameter, proxy() can accept
any transport specific parameters that could be passed as name =>
value pairs. For example, to specify proxy settings for HTTP protocol
you may do:

$soap->proxy('http://endpoint.server/', proxy => ['http' =>
'http://my.proxy.server/']); </blockquote>

I hadn't found anywhere in that document where it explains how to set
the credentials required by the proxy for authorization - i.e. a
user-ID and password (for the HTTP proxy, not the endpoint).

Hmmm ... I can't either. On the other hand,

http://search.cpan.org/~byrne/SOAP-Lite-
0.60a/lib/SOAP/Transport/HTTP.pm#PROXY_SETTINGS

does have a section on it. The key phrase seems to be:

<quote>
You can use any proxy setting you use with LWP::UserAgent modules:
</quote>

Unfortunately, LWP::UserAgent docs do not give much information either.

However, here is the relevant snippet from SOAP::Transport::HTTP:

my $req = HTTP::Request->new($method => $endpoint,
(defined $headers ? $headers : HTTP::Headers->new),
$req->protocol('HTTP/1.1');

$req->proxy_authorization_basic(
$ENV{'HTTP_proxy_user'},
$ENV{'HTTP_proxy_pass'}
) if ($ENV{'HTTP_proxy_user'}
&& $ENV{'HTTP_proxy_pass'}
);

(source reformatted to fit).

This leads me to believe the environment variable method should work.

$soap->proxy('http://endpoint.server/',
proxy => ['http' => 'http://user:[email protected]/']);

And, this should work as well:

<URL:http://search.cpan.org/~byrne/SOAP-Lite-
0.60a/lib/SOAP/Transport/HTTP.pm#SYNOPSIS>

So, I am not sure how I could help you with the problem (it seems like
this is an issue caused by something other than SOAP::Lite), especially
since I do not have a setup where I can try things.

I would focus on the differences rather than the similarities between
the two systems. Are two systems going through the same proxy?

Sinan

 

[Ian Wilson]

<snip: Discussion of how to set user and password for HTTP-proxy when
using SOAP::Lite>

To summarise, you can either set environment variables HTTP_proxy,
HTTP_proxy_user and HTTP_proxy_pass or you can use a construct like:
$soap->proxy('http://endpoint.server/',
proxy => ['http' => 'http://user:[email protected]/']);

I would focus on the differences rather than the similarities between
the two systems. Are two systems going through the same proxy?

They use different proxies. I'm now almost certain the problem lies with
configuration of the other proxy, which means it isn't a Perl problem
despite my earlier difficulty in finding out exactly how
authenticated-proxies are meant to work in SOAP::Lite.

Thanks for your help - much appreciated.

 

[Sherm Pendley]

Gee, I hope U -err- you, append the entry[1] with Perl......


[1] This note denotes my broken heart

Lovely attitude you have there. Hope it answers your Perl questions for you.

*plonk*

sherm--

 

[skye.shaw]

Gee, I cant belive someone hasnt given you the "plese post to the
proper newsgroup" diatribe that never seems to get old here.

Gee, I can believe that I've found yet another GF[1] to killfile!



[1] The G is for Google.

Gee, I hope U -err- you, append the entry[1] with Perl......


[1] This note denotes my broken heart

 

[Big and Blue]

I hadn't found anywhere in that document where it explains how to set
the credentials required by the proxy for authorization - i.e. a user-ID
and password (for the HTTP proxy, not the endpoint).

I have problems trying to remember what to do here too.

And, at least with LWP, if not with SOAP (I don't know), there is a
difference between using the function calls to set a proxy and setting
environment variables. It applies to HTTPS calls. One will end up doing a
GET and the other a CONNECT through the proxy (IIRC I have to set the
environment variables in order to use CONNECT, which is what is needed for
teh proxy I use). And I've never found any documentations in the modules
there as to the difference and the effect. Discovered by trial, error some
network snooping and a helpful proxy admin who made some comments on the
log entries I generated.