Recently I had to write a Firefox extension for a company which provides text messaging web services. The Web-Service is an RPC-Style SOAP one which is written by "Nima Shayafar".
When I got this offer, I didn't think that this one would cause any troubles, as Mozilla has a SOAP implementation landed in it's platform since years (
).This Web-Service is protected by basic HTTP Authentication, nothing tricky so far, but to my surprise Mozilla's SOAP implementation doesn't provide any mean to do authentication against an endpoint, and nah, not even a basic one.
Well I thought as this (writing Firefox extensions for protected SOAP Web Services) is not that uncommon situation I may get a good amount of information by Googling, but nothing catchy comes there in results except a thread at netscape.public.mozilla.xml where I found two solutions, one was submitting username/password pair together with URL, and the other one was to make an XHR connection to the endpoint (XMLHttpRequest implementation let you provide login/password for a basic authentication), and as Mozilla remembers that for the browser session, you're there.
The first solution is hmm ... horrible! And the second one, I didn't manage to get it to work.
So I started wondering in other possible ways to overcome this, and guess what? It was damn easy!
You just need to set Authorization header in HTTP request (which is base64 encoded of login:password), but just for that particular endpoint, and how?
You need to use nsIHttpChannel in conjugation with nsIObserverService, register it right before invoking the SOAPCall, and (don't forget to!) unregister it when the call is done, that's it.
Well, it took me an hour to come up with this, and I'm writing it in hopes save someone else "one hour".
I'm really impressed! what a brilliant idea! using Authorization header in HTTP request within a firefox extension!!! where did you got this idea?!!!
There was no choice.
wow, I didn't note that Mozilla's SOAP does not even have a support for basic http auth !!
btw, i've seen an example of using nsIHttpChannel in conjugation with nsIObserverService before (actually here : http://developer.mozilla.org/en/docs/Setting_HTTP_request_headers) but passing these stuff by plain text (or Base64 that is not far away from plain) ain't really a great idea !, Imainge some1 sniffin' on your subnet comes up with a backlog of all username:password pairs in Base64 !
But it's a brilliant idea since they were originally using Basic HTTP Auth. ! Gr8 Job
Anyways, you know, providing Web-Services using all of the WS-* (e.g., profile) isn't that hard (at least for Nima), but most of the users here have no clue regarding this sort of stuff, so we'd better stick to this simplest.
(I thought that Mozilla automatically handle this authentication by notifying popup and sending request to WS)
I was not going to trigger that at all, actually I was going to pass 'em with the XHR request header, but never realized for why on earth I didn't mange to do so.
Anyway, I think this approach is much much better and cleaner than the XHR thingie which was only a hack, a dirty one maybe.
Thanks.
The soap be like "curl functions" or "http_request of pear" or not?
Thanks
Sorry, I didn't get you.
SOAP is a protocol, it's used to transmit XML messages over HTTP (well, normally).
So, the XHR can be a SOAP model?
I think, Mr. ali farhadi used of soap in the whois toolbar extension project at this link:
http://www.mihannic.com/tools/whois.xpi
is also?
I think you'd better Google those terms