Ruby - Savon Web 服务身份验证

Question

我正在尝试利用 ruby​​ gem Savon 连接到 propertyware (http://propertyware.com/apidocs/Getting-Started) 提供的 Web 服务。我已通过 SoapUI 成功连接到服务并执行了 echoString 请求。当我尝试通过 Ruby 执行相同操作时，我收到空用户身份验证错误。

这是我在 Ruby 中尝试过的...

require 'rubygems'
require 'savon'

client = Savon::Client.new do
  wsdl.document = 'http://propertyware.com/pw/services/PWServices?wsdl'
  wsse.credentials 'username', 'pwd'
end

response = client.request :web, :echo_string, :body => {:arg => "Hello world."} 

生成以下 xml...

<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:web="http://propertyware.com/pw/services/PWServices" 
    xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" 
    xmlns:ins0="http://propertyware.com/pw/services/PWServices" 
    xmlns:ins1="http://criteria.soap.propertyware.com" 
    xmlns:ins2="urn:PWServices" 
    xmlns:ins3="http://soap.propertyware.com" 
    xmlns:ins4="http://xml.apache.org/xml-soap">
    <env:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
                <wsse:Username>user</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </env:Header>
    <env:Body>
        <web:echoString>
            <arg>Hello world.</arg>
        </web:echoString>
    </env:Body>
</env:Envelope>

这是 SoapUI 生成的 xml...

<soapenv:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
    xmlns:web="http://webservices" >
   <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>user</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">R41mCRd+tY+xthhE/YISLQ==</wsse:Nonce>
            <wsu:Created>2011-10-25T09:52:40.220Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <web:echoString soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <arg xsi:type="xsd:string">?</arg>
      </web:echoString>
   </soapenv:Body>
</soapenv:Envelope>

一个明显的区别是 SoapUI 包含一个随机数键和一个createdAt时间戳。我不知道如何让 savon 在不消化身份验证的情况下做到这一点。 (而且这不起作用)。

我在网络服务方面并不是真正的专家 - 任何指导将不胜感激。

另外 - 这是我尝试通过 savon 连接时的响应:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <soapenv:Fault>
            <faultcode xmlns:ns1="http://xml.apache.org/axis/">ns1:Server.Unauthenticated</faultcode>
            <faultstring>User 'null' not authenticated (unknown user)</faultstring>
            <detail>
                <ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">rcpppwwwapt012.realpage.com</ns2:hostname>
            </detail>
        </soapenv:Fault>
    </soapenv:Body>
</soapenv:Envelope>

蒂亚! 鲍勃

Answer 1

尝试将 wsse 中的摘要设置为 true。这将指示 Savon 将随机数和 createAt 添加到请求中:

wsse.credentials 'username', 'pwd', :digest

查看this object for more info的评论