Code Index:

package LWP::Authen::Wsse
EOF

NAME

LWP::Authen::Wsse - Library for enabling X-WSSE authentication in LWP

VERSION

This document describes version 0.05 of LWP::Authen::Wsse, released December 27, 2005.

SYNOPSIS

    use LWP::UserAgent;
    use HTTP::Request::Common;
    my $url = 'http://www.example.org/protected_page.html';

    # Set up the WSSE client
    my $ua = LWP::UserAgent->new;
    $ua->credentials('example.org', '', 'username', 'password');

    $request = GET $url;
    print "--Performing request now...-----------\n";
    $response = $ua->request($request);
    print "--Done with request-------------------\n";

    if ($response->is_success) {
        print "It worked!->", $response->code, "\n";
    }
    else {
        print "It didn't work!->", $response->code, "\n";
    }

DESCRIPTION

LWP::Authen::Wsse allows LWP to authenticate against servers that are using the X-WSSE authentication scheme, as required by the Atom Authentication API.

The module is used indirectly through LWP, rather than including it directly in your code. The LWP system will invoke the WSSE authentication when it encounters the authentication scheme while attempting to retrieve a URL from a server.

You also need to set the credentials on the UserAgent object like this:

   $ua->credentials('www.company.com:80', '', "username", "password");

Alternatively, you may also subclass LWP::UserAgent and override the get_basic_credentials() method. See LWP::UserAgent for more details.

AUTHORS

Audrey Tang <audrey@audrey.org>

COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://www.perl.com/perl/misc/Artistic.html

package LWP::Authen::Wsse; use 5.004; use strict; use warnings; use English qw( -no_match_vars ); $LWP::Authen::Wsse::VERSION = '0.05'; use Digest::SHA1 (); use MIME::Base64 ();

use constant WITHOUT_LINEBREAK => q{}; sub authenticate { my $class = shift; my ( $ua, $proxy, $auth_param, $response, $request, $arg, $size ) = @_; my ( $user, $pass ) = $ua->get_basic_credentials( $auth_param->{realm}, $request->url, $proxy ); ( defined $user and defined $pass ) or return $response; my $now = $class->now_w3cdtf; my $nonce = $class->make_nonce; my $nonce_enc = MIME::Base64::encode_base64( $nonce, WITHOUT_LINEBREAK ); my $digest = MIME::Base64::encode_base64( Digest::SHA1::sha1( $nonce . $now . $pass ), WITHOUT_LINEBREAK ); my $auth_header = ( $proxy ? 'Proxy-Authorization' : 'Authorization' ); my $wsse_value = 'UsernameToken ' . join( ', ', qq(Username="$user"), qq(PasswordDigest="$digest"), qq(Nonce="$nonce_enc"), qq(Created="$now"), ); my $referral = $request->clone; # Need to check this isn't a repeated fail! my $r = $response; my $failed; while ($r) { my $prev = $r->request->{wsse_user_pass}; if ( $r->code == 401 and $prev and $prev->[0] eq $user and $prev->[1] eq $pass and $failed++ ) { # here we know this failed before $response->header( 'Client-Warning' => "Credentials for '$user' failed before" ); return $response; } $r = $r->previous; } $referral->header( $auth_header => 'WSSE profile="UsernameToken"' ); $referral->header( 'X-WSSE' => $wsse_value ); $referral->{wsse_user_pass} = [ $user, $pass ]; $ua->request( $referral, $arg, $size, $response ); } sub make_nonce { Digest::SHA1::sha1( time() . {} . rand() . $PID ); } sub now_w3cdtf { my ( $sec, $min, $hour, $mday, $mon, $year ) = gmtime(); $mon++; $year += 1900; sprintf( '%04s-%02s-%02sT%02s:%02s:%02sZ', $year, $mon, $mday, $hour, $min, $sec, ); } 1;