使用php \ SoapClient实现ws-security策略

时间:2014-05-19 15:08:14

标签: php soap-client ws-security

我正在尝试使用PHP Soap Client类发出soap请求,如下所示:

    $options = array(
        'soap_version' => SOAP_1_1, 
        'local_cert' => 'path/to/certfile.pem',
        'passphrase' => 'mypassphrase'
    );

    $client = new \SoapClient(
        'https:/url?wsdl',
        $options
    );

    $response = $client->__soapCall('get-operation', array());

    var_dump($response);

我收到以下错误:

These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED

根据我的理解,我必须将ws-securitypolicy添加到我的SOAP客户端,但我不知道如何执行此操作。

以下是有关安全策略的XML:

<wsp:Policy wsu:Id="SignatureRequired">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding>
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDes/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts>
                <sp:Header Namespace="http://www.test." name="correlation-header"/>
                <sp:Body/>
            </sp:SignedParts>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

我的问题是:您是否有一个示例,说明如何在PHP或您使用的某个库中实现ws-security策略?

2 个答案:

答案 0 :(得分:0)

在本机PHP SOAP中查看WSSE(Web服务安全性)头的这种实现。

http://www.php.net/manual/en/soapclient.soapclient.php#97273

答案 1 :(得分:0)

我遇到了同样的问题。我知道有一个称为WSO WSF的框架。但我不会使用它,因为它是几年前的最新提交。而且因为我要把它带到工作中是愚蠢的。 当我试图获得连接时,终端说:

  

msg中没有标题元素

因此需要一个标题。我认为这对你也有帮助。祝你好运。

相关问题
最新问题