Heavy metal Ruby SOAP client. This fork is an attempt to add WS-Security signing.
Ruby
This branch is 6 commits ahead, 972 commits behind savonrb:master.

README.md

Savon

Heavy metal Ruby SOAP client

Guide | Rubydoc | Google Group | Wishlist | Bugs

About the carnesmedia/savon branch

This branch includes a working, but possibly app-specific, implementation of WSSESecurity.

To enable the feature, do something like this:

Savon::Client.new do |wsdl, http, wsse|
  # Certificate and private key used for signing (here both come from the same PEM file).
  certs = Savon::WSSE::Certs.new(
    :cert_file            => "certs/cert_key.pem",
    :private_key_file     => "certs/cert_key.pem",
    :private_key_password => "a super secret password"
  )
  wsse.sign_with = Savon::WSSE::Signature.new certs
  ...
end

You'll also need to edit lib/savon/wsse/canonicalizer.rb and add any namespaces your documents use to the attributes.

Here's an enumeration of the changes:

Savon::SOAP::Request

  • Process Savon::WSSE::Signature when needed.

Savon::SOAP::XML

  • Changed default env_namespace to soapenv (specific to my application)
  • Use WSSE#signature? configuration
  • Ability to regenerate (bypassing cached xml)
  • Include Savon::WSSE::Signature#body_attributes when signing (through Savon::WSSE)

Savon::WSSE

  • Add #sign_with=/#signature? configuration
  • Generate signature xml header when signing
  • Include other header attributes even when generating a signature, timestamp, or user_token

Savon::WSSE::Canonicalizer

WARNING: This implementation has a bunch of hard-coded XML namespaces; you'll have to add your own. Please read the many other comments in lib/savon/wsse/canonicalization.rb.

Savon::WSSE::Certs

  • A class for managing certificates for signing with Savon::WSSE::Signature

Savon::WSSE::Signature

  • Signs SOAP requests by:
    • adding a wsu:Timestamp
    • digesting the timestamp and the body
    • digitally signing said digests with an X509 certificate
  • Requires three passes in order to canonicalize and digest generated sections. (see Savon::SOAP::XML#setup)

Savon::WSSE::VerifySignature

  • Reads a signed SOAP request/response and attempts to verify the signature
  • This class can be used to verify incoming responses, as well as to verify requests generated by Savon::WSSE::Signature for testing.
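The digest-then-sign flow listed under Savon::WSSE::Signature, and the two checks a verifier such as Savon::WSSE::VerifySignature has to make, shown as an added example that is not code from this fork. It assumes SHA-256 digests and RSA signing (the README names no algorithms), takes the constructed fragments as already canonicalized, and uses a freshly generated RSA key in place of the X509 certificate's key pair; all method names are hypothetical.

```ruby
require "openssl"
require "base64"

# Constructed sample fragments, assumed to be in canonical form already
# (in the fork, canonicalization is the job of Savon::WSSE::Canonicalizer).
TIMESTAMP = '<wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-01-01T00:00:00Z</wsu:Created>' \
            '<wsu:Expires>2012-01-01T00:05:00Z</wsu:Expires></wsu:Timestamp>'
BODY      = '<soapenv:Body wsu:Id="Body-1"><getUser><id>1</id></getUser></soapenv:Body>'

def digest(fragment)
  Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(fragment))
end

# Digest every referenced part and list the digests inside SignedInfo.
def signed_info(parts)
  refs = parts.map do |id, xml|
    %(<ds:Reference URI="##{id}"><ds:DigestValue>#{digest(xml)}</ds:DigestValue></ds:Reference>)
  end
  "<ds:SignedInfo>#{refs.join}</ds:SignedInfo>"
end

# The signature covers SignedInfo (the digests), not the parts themselves.
def sign(parts, key)
  info = signed_info(parts)
  { info: info, value: Base64.strict_encode64(key.sign(OpenSSL::Digest::SHA256.new, info)) }
end

# Verifier: the signature over SignedInfo must be valid AND the digests must
# match what was actually received. Simplification: the digests are rebuilt in
# the same order instead of being parsed out of each ds:Reference.
def verify(sig, received_parts, public_key)
  raw = Base64.strict_decode64(sig[:value])
  return :bad_signature unless public_key.verify(OpenSSL::Digest::SHA256.new, raw, sig[:info])
  return :digest_mismatch unless signed_info(received_parts) == sig[:info]
  :ok
end

KEY   = OpenSSL::PKey::RSA.new(2048) # constructed key, stands in for the certificate
PARTS = { "TS-1" => TIMESTAMP, "Body-1" => BODY }
SIG   = sign(PARTS, KEY)

p verify(SIG, PARTS, KEY.public_key)                                    # :ok
altered = PARTS.merge("Body-1" => BODY.sub("<id>1</id>", "<id>2</id>"))
p verify(SIG, altered, KEY.public_key)                                  # :digest_mismatch
```

A verifier that checks only the signature value and skips recomputing the digests would accept the altered body, which is why both checks are required.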

Installation

Savon is available through Rubygems and can be installed via:

$ gem install savon

Basic workflow

# Setting up a Savon::Client representing a SOAP service.
client = Savon::Client.new do
  wsdl.document = "http://service.example.com?wsdl"
end

client.wsdl.soap_actions
# => [:create_user, :get_user, :get_all_users]

# Executing a SOAP request to call a "getUser" action.
response = client.request :get_user do
  soap.body = { :id => 1 }
end

response.to_hash
# => { :get_user_response => { :first_name => "The", :last_name => "Hoff" } }

Excited to learn more?

Then you might want to go ahead and read the Savon Guide.
