带有ws-security的PHP Soap客户端

时间:2016-03-09 12:06:27

标签: php soap-client ws-security

如何使用ws-security实现使用服务的SOAP客户端。

我有这个绑定信息

<wsHttpBinding>
<binding name="WSHttpBinding_Service" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
                        <security mode="TransportWithMessageCredential">
                                <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" />
                        </security>
                    </binding>
      </wsHttpBinding>

据我所知,这是一个.Net配置,必须映射到PHP中的相应定义。

对我的理解的wsHttpBinding意味着必须使用SOAP1.1,这似乎工作正常。

然而,安全设置是一个大问题。

是否有支持WS Security的PHP库?

我曾尝试为PHP调用添加安全标头:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>username</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken></wsse:Security>

但是,这没有用。我错过了什么吗?

Stackoverflow中有很多关于PHP和WS-Security的问题,但我没有发现它们对它们有任何帮助。

编辑:事实证明服务器端存在问题。

1 个答案:

答案 0 :(得分:1)

您可以使用SoapClient来设置SOAP标头,使用vanilla PHP SoapVar(和朋友)。例如; 

$objSoapClient = new \SoapClient([...]);

$strXML = <<<XML
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>username</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
    </wsse:UsernameToken>
</wsse:Security>
XML;
$objAuthVar = new \SoapVar($strXML, XSD_ANYXML);
$objAuthHeader = new \SoapHeader("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", 'Security', $objAuthVar, false);

$objSoapClient->__setSoapHeaders(array($objAuthHeader));
相关问题
最新问题