[Soap-Python] 'pysimplesoap' - Server - Handling 'mustUnderstand'

Valeriy Pogrebitskiy vpogrebi at icloud.com
Wed Aug 5 22:33:08 CEST 2015 

Mariano, ‘pysimplesoap’ community support -

I am evaluating use of ‘pysimplesoap’ framework. In particular, I have following POC (“proof of concept”) request:

“develop a SOAP Server that talks to both MySQL and Oracle databases and uses the standard AT&T CommonHeader. Must understand the mustunderstand attribute. Object oriented and must not just use strings of XML ”

Common header referenced is just a standard ‘wise:Security’ header:

<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-29" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>Username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>


I am trying to use ‘pysimplesoap’ to implement this POC… 

Since there is no good documentation (other than very simple and limited online wiki samples), I need help understanding how to implement the “mustUnderstand” requirement. From what I was told, adding “mustUnderstand” attribute to a header - *must* result in that header being processed by the server, and if error occurs (or if there is no corresponding actor to process given header at all), exception must be raised.

I encountered two separate problems with “mustUnderstand” header attribute:

wsse.UserameToken generates header without “mustUnderstand” attribute (when used from test client). I did not find an obvious way of adding this attribute - without overriding UsernameToken.preprocess() method
Even after I did manage to add “mustUnderstand” attribute to wsse:Security header - I am not sure how to define a handler (within server implementation) to handle (process) this header. But what’s even more worrisome - is that without corresponding handler, I *do not* get exception raised! I even tested with some arbitrary (custom) header that I added within client module (which includes ‘mustUnderstand=1’ attribute), and still did not get exception...


So questions are:

How is it possible to add arbitrary attribute to a header (that’s already defined)? Specifically - how ‘mustUnderstand’ can be added to wsse.UsernameToken without overriding that class?
Why server implementation does not raise exception when ‘mustUnderstand’ attribute is set to true in the header, and there is no appropriate handler to process that header?
How exactly custom handler (for a header) can be defined within server implementation?


Please help!


- Val

Kind regards,

Valeriy Pogrebitskiy
vpogrebi at iname.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/soap/attachments/20150805/b655eb6c/attachment.html>

More information about the Soap mailing list