There are several weeks that I'm trying to create a soap server in php that at first serves a wsdl with authentication header on it and at second it accepts only authenticated users in every request. But I' ve only made it fully working only without authentication. Every search I 've made and every solution I 've found contains a SoapClient,Zend_Soap_Client,nu_soap_client (you name it) and either some kind of wrapper class around my class or only addition of username & password on the client.
But at my solution only the server is in php and client are various programs written in java etc, not in php. Here is my code for (I use zend here but the idea is the same on plain php) the wsdl generation and the server part:
use Zend\Soap\AutoDiscover as Zend_Soap_AutoDiscover;
use Zend\Soap\Server as Zend_Soap_Server;
if (isset($_GET['wsdl'])) {
$autodiscover = new Zend\Soap\AutoDiscover();
$autodiscover->setClass('MyClass');
$autodiscover->setUri('http://Myclass/path/');
$autodiscover->handle();
exit;
}
$server = new Zend_Soap_Server(null, array(
'uri' => 'http://Myclass/path/',
));
$server->setClass('Myclass');
$server->handle();
I also used piotrooo's wsdl generator and plain php soap library like this:
use WSDL\WSDLCreator;
// use WSDL\XML\Styles\DocumentLiteralWrapped;
if (isset($_GET['wsdl'])) {
$wsdl = new WSDL\WSDLCreator('Myclass', 'http://Myclass/path/');
$wsdl->setNamespace("http://Myclass/path/");
$wsdl->renderWSDL();
exit;
}
$server = new SoapServer(null, array(
'uri' => 'http://Myclass/path/',
// 'style' => SOAP_DOCUMENT,
// 'use' => SOAP_LITERAL,
));
$server->setClass('Myclass');
$server->handle();
And my class:
class Myclass
{
public function __construct()
{
/*some db stuff with doctrine*/
}
/**
* #param string $id
* #return object
*/
public function Id($id)
{
/*I'm using doctrine to fetch data from db and then return an object/or array*/
}
}
At last this is the auto generated wsdl:
<definitions name="Myclass" targetNamespace="http://Myclass/path/"><types><xsd:schema targetNamespace="http://Myclass/path/"/></types><portType name="MyclassPort"><operation name="Id"><documentation>Id</documentation><input message="tns:IdIn"/><output message="tns:IdOut"/></operation></portType><binding name="MyclassBinding" type="tns:MyclassPort"><soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/><operation name="Id"><soap:operation soapAction="http://Myclass/path/#Id"/><input><soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://Myclass/path/"/></input><output><soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://Myclass/path/"/></output></operation></binding><service name="MyclassService"><port name="MyclassPort" binding="tns:MyclassBinding"><soap:address location="http://Myclass/path/"/></port></service><message name="IdIn"><part name="id" type="xsd:string"/></message><message name="IdOut"><part name="return" type="xsd:struct"/></message></definitions>
Annotations vary on each generator.
I also tried nusoap but I was disappointed because of it's pure class method discovery. I must add that I'm testing usage of service with soapui (that's why I don't want php's SoapClient or equivalent examples).
Last I also must say that I tried solutions of adding authentication method inside my class and this worked BUT this didn't prevent unauthenticated user from accessing ws.
A little extra information. As of my research every answer I was found was about SOAPClient for example the $client->__addheader() function etc. Please tell me if I' m wrong or if this can't be done with PHP because I ll have to find someone else to do this for me with another programming language like Java etc.
Thanks in advance
Dimitris
You could have your clients send the authentication information in basically 3 places: SOAP Body, SOAP Headers, HTTP Headers. Of the three I think the proper one is SOAP Headers so I'll go with that for this example. (Note I'm using some custom auth header format, but I suggest you research about the WS-Security protocol.)
class Myclass
{
public function __construct()
{
/*some db stuff with doctrine*/
}
public function Auth($auth)
{
if (! $this->validateUser($auth->Username, $auth->Password)) {
throw new SoapFault('Client.Authentication', 'Invalid username or password');
}
}
/**
* #param string $id
* #return object
*/
public function Id($id)
{
/*...*/
}
private function validateUser($user, $password)
{
/*...*/
}
}
Now for the client: I think you in your server role don't have to worry about which particular clients will be consuming your service, simply because you can't consider them all. That's why there are standards, to abstract from particular implementations. So, as long as you follow the standard, you can trust any client will comply. And luckily, SOAP headers are part of the standard.
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<Auth>
<Username>foo</Username>
<Password>bar</Password>
</Auth>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<Id>4</Id>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
That is the XML you are expecting to receive, regardless of the client.
Finally, the WSDL. From what I've read, neither Zend Autodiscover nor piotrooo's library support headers definition. Apparently Yii's CWebService does (with proper method annotations).
In the worst case scenario, you can write the WSDL yourself, or adapt it from the one generated with your library of choice.
Links:
http://www.yiiframework.com/doc/api/1.1/CWebService
http://www.ibm.com/developerworks/library/ws-tip-headers/
UPDATE:
class Auth
{
/**
* #soap
* #var string
*/
public $Username;
/**
* #soap
* #var string
*/
public $Password;
}
class MyClass
{
private $authenticated = false;
public function Auth($auth)
{
if ($this->validateUser($auth->Username, $auth->Password)) {
$this->authenticated = true;
}
}
/**
* #soap
* #header Auth $auth
* #param string $id
* #return object
*/
public function Id($id)
{
if (! $this->authenticated) {
throw new SoapFault('Client.Authentication', 'Invalid username or password');
}
//return $id;
}
private function validateUser($user, $password)
{
return $user == 'foo';
}
}
require __DIR__ . '/vendor/yiisoft/yii/framework/yii.php';
$URL = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
if (isset($_GET['wsdl'])) {
$gen = new CWsdlGenerator();
$wsdl = $gen->generateWsdl(MyClass::class, $URL);
header("Content-type: text/xml; charset=utf-8");
echo $wsdl;
}
else {
$server = new SoapServer($URL . '?wsdl');
$server->setClass(MyClass::class);
echo $server->handle();
}
This is indeed working as expected with the sample XML I provided before.
(You just need to change <Id>4</Id> for <Id><id>4</id></Id>).
Related
I have to do requets to a SOAP API with PHP and I need the following SOAP-Header structure:
<soapenv:Header>
<ver:authentication>
<pw>xxx</pw>
<user>xxx</user>
</ver:authentication>
</soapenv:Header>
How can I build this header?
I tried
$auth = [
"ver:authentication" => [
"pw" => $this->pw,
"user" => $this->user
]
];
$options = [];
$options["trace"] = TRUE;
$options["cache_wsdl"] = WSDL_CACHE_NONE;
$options["compression"] = SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP;
$client = new SoapClient("www.my-url.com/wsdl", $options);
$header = new SoapHeader("www.my-url.com", "authentication", $auth, false);
$client->__setSoapHeaders($header);
but it does not work. The respons is "failure" which I get, when the header structure is incorrect...
please help
the solution could be object driven. In the following code an example is given. Please keep in mind, that the following code is not testet.
class Authentication
{
protected $user;
protected $pw;
public function getUser() : ?string
{
return $this->user;
}
public function setUser(string $user) : Authentication
{
$this->user = $user;
return $this;
}
public function getPw() : string
{
return $this->pw;
}
public function setPw(string $pw) : Authentication
{
$this->pw = $pw;
return $this;
}
}
The above shown class is a simple entity, which contains two properties $user fpr the username and $pw for the password. Further it contains the getter and setter functions for retrieving or setting the values for the two properties.
For the next step just fill the class with data and store it in a SoapVar object.
$authentication = (new Authentication())
->setUser('Username')
->setPw('YourEncodedPassword');
$soapEncodedObject = new \SoapVar(
$authentication,
SOAP_ENC_OBJECT,
null,
null,
'authentication',
'http://www.example.com/namespace'
);
As you can see above, your authentication class will be stored as soap var object. It is encoded as soap object. The only thing you have to do is setting the namespace for this object. In your given example it is ver:. With this namespace prefix somewhere in your wsdl file a namespace is noted. You have to find out this namespace url and just replace the example url http://www.example.com/namespace with the right url noted in your wsdl.
The next step is setting this as soap header. That 's quite simple.
try {
$client = new SoapClient('http://www.example.com/?wsdl', [
'trace' => true,
'exception' => true,
'cache_wsdl' => WSDL_CACHE_NONE,
'compression' => SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP,
]);
// set the soap header
$header = new SoapHeader('http://www.example.com/namespace', 'authentication', $authentication, false);
$client->setSoapHeaders($header);
// send the request
$result = $client->someWsdlFunction($params);
} catch (SoapFault $e) {
echo "<pre>";
var_dump($e);
echo "</pre>";
if ($client) {
echo "<pre>";
var_dump($client->__getLastRequest());
echo "</pre>";
echo "<pre>";
var_dump($client->__getLastResponse());
echo "</pre>";
}
}
As you can see it 's a bit different from your given example. Instead of an array it 's the soap encoded authentication object, that is given to the soap header class. For failure purposes there is a try/catch block around your soap client. In that case you can identify the error and if the client was initiated correctly, you can also see the last request and last response in xml.
I hope, that I helped you. ;)
I would strongly advise you 2 things:
Use a WSDL to PHP generator in order to properly construct your request. In addition, it will ease you the response handling. Everything is then using the OOP which is much better. Take a look to the PackageGenerator project.
Use the WsSecurity project in order to easily add your dedicated SoapHeader without wondering how to construct it neither.
I have to implement a SOAP Web Service using PHP.
I did it by using the SoapServer class and all works fine.
I need to use a specific format for the request: they have to contain a "Header" tag with an "Authentication" tag in which there is a token that I have to use to authenticate the client that performed the request.
I used "file_get_contents('php //input')" to get the entire request that I received and then parsed it to retrieve the token that I needed.
This works fine if I try to simulate a SOAP request by using SoapUI. But, if I try to do the request by using PHP SoapClient and use the function SoapHeader to set the header, on the server side "file_get_contents('php //input')" returns only the fields of the entire request (contained in the XML tags of the XML request) merged together in a string, instead of returning the entire XML in a string format.
I cannot understand why.
The SoapServer class isn 't well documented in the PHP documentation. The SoapServer class does everything that you have in mind completely automatically. You have to use a decorator class. What a decorator is and what it does I 'll explain in the next lines. I 'm trying to give you a push in the right direction.
A while ago I had to implement the WSSE authentication standard. I 'll take some parts from the WSSE standard for this example.
The incoming request had a header that looked like this ...
<soapenv:Header>
<wsse:Security xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsc:SecurityContextToken>
<wsc:Identifier>identifier</wsc:Identifier>
</wsc:SecurityContextToken>
</wsse:Security>
</soapenv:Header>
The key (identifier) identifies an authorized user to perform a function of the web service. In this sense, we must check that the key is valid before executing any function. For this purpose we need a decorator class, that is executed before the actual function is executed.
class AuthDecorator
{
/**
* Name of the class, which contains the webservice methods
* #var string
*/
protected $class;
/**
* Flag, if the recieved identifier is valid
* #var boolean
*/
protected $isValid = false;
public function getClass() : string
{
return $this->class;
}
public function setClass($class) : AuthDecorator
{
$this->class = $class;
return $this;
}
public function getIsValid() : bool
{
return $this->isValid;
}
public function setIsValid(bool $isValid) : AuthDecorator
{
$this->isValid = $isValid;
return $this;
}
public function __call(string $method, array $arguments)
{
if (!method_exists($this->class, $method)) {
throw new \SoapFault(
'Server',
sprintf(
'The method %s does not exist.',
$method
)
);
}
if (!$this->getIsValid()) {
// return a status object here, wenn identifier is invalid
}
return call_user_func_array(
[ $this->class, $method ],
$arguments
);
}
/**
* Here 's the magic! Method is called automatically with every recieved request
*
* #param object $security Security node form xml request header
*/
public function Security($security) : void
{
// auth against session or database or whatever here
$identifier = $this->getIdentifierFromSomewhereFunc();
if ($security->SecurityContextToken->Identifier == $identfier) {
$this->setIsValid(true);
}
}
}
That 's the decorator class. Looks easy, hm? The decorator contains a class named like the first child of the xml header of the recieved request. This method will be executed automatically every time we recieve a request with the soap server. Beside that the decorator checks, if the called soap server function is available. If not a soap fault is thrown that the soap client on the consumer side recieves. If a method exists is quite easy, too. Every webservice method we put in a class.
class SimpleWebservice
{
public function doSomeCoolStuff($withCoolParams) : \SoapVar
{
// do some fancy stuff here and return a SoapVar object as response
}
}
For illustrative purposes, our web service just has this one function.
But how the hell we bring the decorator to work with the soap server?
Easy, mate. The SoapServer class has some pretty tricky functionality, that is not documented. The class has a method called setObject. This method will do the trick.
$server = new \SoapServer(
$path_to_wsdl_file,
[
'encoding' => 'UTF-8',
'send_errors' => true,
'soap_version' => SOAP_1_2,
]
);
$decorator = new AuthDecorator();
$decorator->setClass(SimpleWebservice::class);
$server->setObject($decorator);
$server->handle();
That 's awesome, right? Just initializing the SoapServer class, add the decorator with the setObject method and run it with the handle method. The soap server recieves all requests and before calling the webservice method the decorator will check, if the identifier is valid. Only if the identifier is valid, the called webservice method will be executed.
How 's the soap client request looking?
On the other side the soap client can look like this ...
$client = new SoapClient(
$path_to_wsdl_file,
[
'cache_wsdl' => WSDL_CACHE_NONE,
'compression' => SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP,
'exceptions' => true,
'trace' => true,
]
);
$securityContextToken = new \stdClass();
$securityContextToken->Identifier = 'identifier';
$securityContextToken = new \SoapVar(
$securityContextToken,
SOAP_ENC_OBJ,
null,
null,
'SecurityContextToken',
'http://schemas.xmlsoap.org/ws/2005/02/sc'
);
$security = new stdClass();
$security->SecurityContextToken = $securityContextToken;
$security = new \SoapVar(
$security,
SOAP_ENC_OBJ,
null,
null,
'Security',
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
);
$header = new \SoapHeader(
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
'Security',
$security
);
$client->__setSoapHeaders($header);
$result = $client->doSomeCoolStuff(new \SoapParam(...));
Conclusion
When working in an object orientated context the SoapServer and SoapClient classes are pretty cool. Because the documentation doesn 't really give much about both classes, you have to test and learn. You can easily create a SOAP webservice when you know how. Without writing any xml as a string.
Before you productively use the code examples seen here, please make sure that they are only examples and not intended for productive use. The shown examples should push you in the right direction. ;)
Questions?
I am new to WebServices in General, and so far I have developed a Web Service SoapServer using Zend/Soap. I have been able to use it just fine, the problem is, that i want the client to be able to send the data as and array .
So far this is what i have done:
soap_server.php
<?php
/*
* url_helper used to check the client Access Ip adrress and Port, in case is from dev or prod enviorement. etc.
* returns the portion of the URL dynamicly in case its accesded from a public or local location.
*
*/
function url_helper(){
$s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
$sp = strtolower($_SERVER["SERVER_PROTOCOL"]);
$protocol = substr($sp, 0, strpos($sp, "/")) . $s;
$port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port;
}
if(($_SERVER['PHP_AUTH_USER'] == "test") AND ($_SERVER['PHP_AUTH_PW'] == "secret")){
//autoload from composer, loads all the required files for ZendSoap
include("vendor/autoload.php");
$serviceURL = url_helper().'/soap_server.php';
//The class for the WebService
class soap_server{
/**
*
* #param string $str1
* #param string $str2
* #param string $str3
* #return stdClass
*/
public function TEST($str1,$str2,$str3) {
// do some work here he
$response = new stdClass();
$response->message = "vars = ($str1,$str2,$str3)";
$response->success = true;
return $response;
}
}
// Generate WSDL relevant to code
if (isset($_GET['wsdl'])){
$autodiscover = new Zend\Soap\AutoDiscover();
$autodiscover->setClass('soap_server')
->setUri($serviceURL)
->setServiceName('soap_server');
$autodiscover->generate();
$autodiscover->handle();
//Soap Server
} else {
$server = new Zend\Soap\Server(null,array('uri' => $serviceURL.'?wsdl'));
$server->setClass('soap_server');
$server->handle();
}
}
else
{
//Send headers to cause a browser to request
//username and password from user
header("WWW-Authenticate: " .
"Basic realm=\"Protected Area\"");
header("HTTP/1.0 401 Unauthorized");
//Show failure text, which browsers usually
//show only after several failed attempts
print("This page is protected by HTTP " .
"Authentication.<br>\nUse <b>User</b> " .
"for the username, and <b>PW</b> " .
"for the password.<br>\n");
}
And the test client works fine when i send at as String, as intended and defined in the soapServer:
test_client.php
include("vendor/autoload.php");
$client = new Zend\Soap\Client("http://127.0.0.1/soap_server.php?wsdl",array('login'=>'test','password'=>'secret'));
$result1 = $client->TEST('Data1','OtherString','test');
print_r($result1);
All i need now if find a way so that the client can send me data in and Array like:
$data = array('str1'=>'Data1','str2'=>'OtherString','str3'=>'test');
But i don't know how to set this up with Zend Framework Autodiscovery and pair it with a working client. Have tried using type array instead of String, but with no success.
Thanks a lot for any help.
Sincerely,
Daniel
EDIT
So I have done further testing, and i do get to set up and Array or and stdClass in the docblock and it works in the following way:
The sample Zend Framework Soap Server:
$serviceURL = url_helper().'/test_ws.php';
//The class for the WebService
class test_ws{
/**
*
* #param string $str1
* #param array $myArray
* #param stdClass $myObject test
* #return stdClass
*/
public function TEST2($str1,$myArray,$myObject) {
// do some work here
$response = new stdClass();
$response->string = $str1;
$response->array = var_export($myArray,TRUE);
$response->stdClass = var_export($myObject,TRUE);
$response->object1 = $myObject->obj1;
$response->success = true;
return $response;
}
}
// Generate WSDL relevant to code
if (isset($_GET['wsdl'])){
$autodiscover = new Zend\Soap\AutoDiscover();
$autodiscover->setClass('test_ws')
->setUri($serviceURL)
->setServiceName('test_ws');
$autodiscover->generate();
$autodiscover->handle();
//Soap Server
} else {
$server = new Zend\Soap\Server(null,array('uri' => $serviceURL.'?wsdl'));
$server->setClass('test_ws');
$server->handle();
}
}
The Soap Call:
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://10.1.11.122/ws_kioskos/test_ws.php">
<soapenv:Header/>
<soapenv:Body>
<test:TEST2 soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<str1 xsi:type="xsd:string">String</str1>
<myArray xsi:type="soapenc:Array" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<!--You may enter ANY elements at this point-->
<elem1 xsi:type="xsd:string">pos1</elem1>
<elem2 xsi:type="xsd:string">pos2</elem2>
</myArray>
<myObject xsi:type="test:stdClass">
<obj1 xsi:type="xsd:string">HELO</obj1>
<obj2 xsi:type="xsd:string">WORLD</obj2>
</myObject>
</test:TEST2>
</soapenv:Body>
</soapenv:Envelope>
And the Soap Response:
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://10.1.11.122/ws_kioskos/test_ws.php?wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:TEST2Response>
<return xsi:type="SOAP-ENC:Struct">
<string xsi:type="xsd:string">String</string>
<array xsi:type="xsd:string">array (0 => 'pos1', 1 => 'pos2',)</array>
<stdClass xsi:type="xsd:string">stdClass::__set_state(array('obj1' => 'HELO', 'obj2' => 'WORLD',))</stdClass>
<object1 xsi:type="xsd:string">HELO</object1>
<success xsi:type="xsd:boolean">true</success>
</return>
</ns1:TEST2Response>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
So with The stdClass I´m close to what i want to implement, as you can see with the:
<object1 xsi:type="xsd:string">HELO</object1> the only think missing is If there is a way to tell the Autodiscover Method what are the elements that are inside the stdClass, so that the client know how to interact with the WSDL, or is there another approach that would let me do such think.
I have read some about using Complex Data types, and using a ClassMap to define the WebService, but i could not make anything work with it, as i could not find good documentation for such implementation.
Once again,
Thanks a lot for any help.
Daniel
Working example
After some research, here is the solution that would be useful to anyone who builds SOAP server with zend-soap in Laravel.
Acme\Controllers\SoapController class:
...
public function wsdl()
{
$wsdl = new AutoDiscover(new ArrayOfTypeComplex());
$this->populateServer($wsdl);
return response($wsdl->toXml(), 200)
->header('Content-Type', 'application/wsdl+xml');
}
private function populateServer($server)
{
$server->setClass(MyService::class);
$server->setUri('http://host.com/soap/server');
}
public function server(Request $request)
{
$server = new Zend\Soap\ServerServer();
$this->populateServer($server);
$response = $server->handle();
return response($response, 200)->header('Content-Type', 'application/soap+xml');
}
...
Acme\Services\MyService class:
namespace Acme\Services;
class MyService
{
/**
* Does something.
* #param Acme\Types\ItemType[] $items
* #return \StdClass
*/
public function doSomething(array $items)
{
// ...
}
}
Acme\Types\ItemType class:
namespace Acme\Types;
class ItemType
{
/**
* #var string
*/
public $propertyName;
}
Please note two things:
Use Zend\Soap\Wsdl\ComplexTypeStrategy\ArrayOfTypeComplex strategy; and
Provide fully-qualified class name in a docblock.
Hope that helps.
class WSSoapClient extends SoapClient {
private $username;
private $password;
/*Generates de WSSecurity header*/
private function wssecurity_header() {
/* The timestamp. The computer must be on time or the server you are
* connecting may reject the password digest for security.
*/
$timestamp = gmdate('Y-m-d\TH:i:s\Z');
/* A random word. The use of rand() may repeat the word if the server is
* very loaded.
*/
$nonce = mt_rand();
/* This is the right way to create the password digest. Using the
* password directly may work also, but it's not secure to transmit it
* without encryption. And anyway, at least with axis+wss4j, the nonce
* and timestamp are mandatory anyway.
*/
$passdigest = base64_encode(
pack('H*',
sha1(
pack('H*', $nonce) . pack('a*',$timestamp).
pack('a*',$this->password))));
$auth='
<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">
<wsse:UsernameToken wsu:Id=\"UsernameToken-2\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">
<wsse:Username>'.$username.'</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">'.$password.'</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://www.kbb.com/2011/01/25/VehicleInformationService/IVehicleInformationService/GetYears</wsa:Action>
';
/* XSD_ANYXML (or 147) is the code to add xml directly into a SoapVar.
* Using other codes such as SOAP_ENC, it's really difficult to set the
* correct namespace for the variables, so the axis server rejects the
* xml.
*/
$authvalues = new SoapVar($auth,XSD_ANYXML);
$header = new SoapHeader("http://docs.oasis-open.org/wss/2004/01/oasis-".
"200401-wss-wssecurity-secext-1.0.xsd", "Security", $authvalues,
true);
return $header;
}
/* It's necessary to call it if you want to set a different user and
* password
*/
public function __setUsernameToken($username, $password) {
$this->username = $username;
$this->password = $password;
}
/* Overwrites the original method adding the security header. As you can
* see, if you want to add more headers, the method needs to be modifyed
*/
public function __soapCall($function_name, $arguments, $options=null,
$input_headers=null, $output_headers=null) {
$result = parent::__soapCall($function_name, $arguments, $options,
$this->wssecurity_header());
return $result;
}
}
I am trying to use this but I am getting the following error:
Fatal error: Uncaught SoapFault exception: [HTTP] Cannot process the message because the content type 'text/xml; charset=utf-8' was not the expected type 'application/soap+xml; charset=utf-8'
Please tell me how can I set the content type using SOAP object.
If somebody needs answer for the same question, the answer is simple. You need to use SOAP version 1.2 to pass Content-Type: application/soap+xml
$soapClient = new SoapClient('http://example.com/wsdl.wsdl',array(
'soap_version' => SOAP_1_2,
));
But, you must be careful, because it also adds action: youraction to Content-Type. For example:
Content-Type: application/soap+xml; charset=utf-8; action="http://example.com/path/to/your/action"
Doing some SOAP calls to a 3rd party application. They provide this soap header as an example of what the application expects. How can I create a SOAP header like this in PHP?
<SOAP-ENV:Header>
<NS1:Security xsi:type="NS2:Security" xmlns:NS1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:NS2="urn:dkWSValueObjects">
<NS2:UsernameToken xsi:type="NS2:TUsernameToken">
<Username xsi:type="xsd:string">XXXX</Username>
<Password xsi:type="xsd:string">XXX</Password>
</NS2:UsernameToken>
</NS1:Security>
</SOAP-ENV:Header>
I do what i think is a correct call and keep getting in return that no headers were sent.
Here is a sample from my code.
class SOAPStruct
{
function __construct($user, $pass)
{
$this->Username = $user;
$this->Password = $pass;
}
}
$client = new SoapClient("http://www.example.com/service");
$auth = new SOAPStruct("username", "password");
$header = new SoapHeader("http://example.com/service", "TUsernameToken", $auth);
$client->__setSoapHeaders(array($header));
$client->__soapCall("GetSubscriptionGroupTypes", array(), NULL, $header)
And this is the SOAP header i get back. (its more but i stripped info away that might be sensitive)
<SOAP-ENV:Header>
<ns2:TUsernameToken>
<Username>username</Username>
<Password>password</Password>
</ns2:TUsernameToken>
</SOAP-ENV:Header>
SOAP header handling in PHP is actually not very flexible and I'd go as far as saying that especially the use two namespaces within the header will make it impossible to inject the header simply by using a SoapHeader-construct of some type.
I think the best way to handle this one is to shape the XML request yourself by overriding SoapClient::__doRequest() in a custom class that extends SoapClient.
class My_SoapClient extends SoapClient
{
public function __doRequest($request, $location, $action, $version, $one_way = 0)
{
$xmlRequest = new DOMDocument('1.0');
$xmlRequest->loadXML($request);
/*
* Do your processing using DOM
* e.g. insert security header and so on
*/
$request = $xmlRequest->saveXML();
return parent::__doRequest($request, $location, $action, $version, $one_way);
}
}
Please see SoapClient::__doRequest for further information and some examples.