XML::Compile::WSS::BasicAuth - username/password security


   is a XML::Compile::WSS


 # you need a few constants
 use XML::Compile::WSS::Util  qw/:utp11/;

 # used in combination with any other XML schema
 my $auth = XML::Compile::WSS::BasicAuth->new
   ( schema   => $anything
   , username => $user
   , password => $password

 # connects itself to a WSDL
 my $wss  = XML::Compile::SOAP::WSS->new;
 my $wsdl = XML::Compile::WSDL11->new($wsdlfn);
 my $auth = $wss->basicAuth
   ( ... same params, except 'schema'


The generic Web Service Security protocol is implemented by the super class XML::Compile::WSS. This extension implements "basic authentication", i.e. username/password validation.

You can best use digested passwords (UTP11_PDIGEST) In that case, a timestamp, a nonce and SHA1 hashing will keep the password a secret.

Extends "DESCRIPTION" in XML::Compile::WSS.


Extends "METHODS" in XML::Compile::WSS.


Extends "Constructors" in XML::Compile::WSS.

 -Option     --Defined in       --Default
  created                         undef
  nonce                           'RANDOM'
  password                        <required>
  prepare      XML::Compile::WSS  'ALL'
  pwformat                        UTP11_PTEXT
  schema       XML::Compile::WSS  undef
  username                        <required>
  version      XML::Compile::WSS  undef
  wss_version  XML::Compile::WSS  '1.1'
  wsu_Id                          undef
created => DATETIME

See XML::Compile::WSS::dateTime() for choices of DATETIME.

[1.10] The caller of the operation may also pass a wsu_Created parameter, with the same formatting power.

nonce => STRING|CODE|'RANDOM'|undef

Only used then the password is passed as digest. This will cause the wsse:Nonce element.

[1.10] You may add wsse_Nonce to each operation call, to overrule the global setting.

When you pass a CODE, it will get called for each message to produce a STRING. The constant text 'RANDOM' will have a random nonce generator being called at each message.

password => STRING

The password in plain text. Use pwformat digest to send it encrypted over the network.

prepare => 'READER'|'WRITER'|'ALL'|'NONE'
pwformat => UTP11_PTEXT|UTP11_PDIGEST

With UTP11_PTEXT, the plain-text version of the password is shown. If PTWTYPE IS UTP11_PDIGEST, the plain-text password will be encrypted with SHA1. The %options can be used to salt the digest with "nonce" and/or "created" information before the encryption.

schema => an XML::Compile::Cache object
username => STRING
version => STRING
wss_version => '1.1'|MODULE
wsu_Id => STRING

Adds a wsu:Id attribute to the created element.


Extends "Attributes" in XML::Compile::WSS.


Inherited, see "Attributes" in XML::Compile::WSS


Inherited, see "Attributes" in XML::Compile::WSS



Extends "Apply" in XML::Compile::WSS.


Inherited, see "Apply" in XML::Compile::WSS

$obj->create($doc, $security, $data)

Inherited, see "Apply" in XML::Compile::WSS


Extends "Helpers" in XML::Compile::WSS.


Inherited, see "Helpers" in XML::Compile::WSS


Extends "Internals" in XML::Compile::WSS.

$obj->loadSchemas($schema, $version)
XML::Compile::WSS::BasicAuth->loadSchemas($schema, $version)

Inherited, see "Internals" in XML::Compile::WSS


Inherited, see "Internals" in XML::Compile::WSS


Extends "DETAILS" in XML::Compile::WSS.


This module is part of XML-Compile-WSS distribution version 1.14, built on May 08, 2017. Website:

Please post questions or ideas to the mailinglist at . For live contact with other developers, visit the #xml-compile channel on


Copyrights 2011-2017 by [Mark Overmeer]. For other contributors see ChangeLog.

This program is free software; you can redistribute it and/or modify it under the Artistic license. See