简体   繁体   English

WSSE安全性PHP SoapServer-标头不明

[英]WSSE Security PHP SoapServer- Header not understood

I have a client call with a WSSE Security Header: 我有一个带有WSSE安全标题的客户电话:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-7BCCD9337425FBA038149772606059420"><wsse:Username>USERNAME</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NONCE</wsse:Nonce><wsu:Created>2017-06-17T19:01:00.594Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
   <soapenv:Body>
      <ns:FUNCTION/>
   </soapenv:Body>
</soapenv:Envelope>

As SoapServer I have a simple one: 作为SoapServer,我有一个简单的例子:

// the SOAP Server options
$options=array(
    'trace' => true
    , 'cache_wsdl' => 0
    , 'soap_version' => SOAP_1_1
    , 'encoding' => 'UTF-8'
);

$wsdl = 'http://localhost/index.php?wsdl';

$server = new \SoapServer($wsdl, $options);
$server->setClass('ServerClass');
$server->handle();
$response = ob_get_clean();
echo $response;

As soon the property MustUnderstand = 1, then I become from the server the exception: Header not understood. 一旦属性MustUnderstand = 1,那么我就从服务器变成了例外:标头不被理解。

  1. How to understand the header? 如何理解标题?
  2. How to make the WSSE validation on the SoapServer side? 如何在SoapServer端进行WSSE验证?

The solution is very tricky! 解决方案非常棘手! I don't know why is this handled by this way from the SoapServer, but here is the solution: 我不知道为什么从SoapServer通过这种方式处理此问题,但这是解决方案:

class ServerClass {

    public function Security($data) {
        // ... do nothing
    }

    public function myFunction(){
        // here the body function implementation
    }
}

We need to define a function in our class, which is handling the soap request with the name of the header tag, which is holding the soap:mustUnderstand property. 我们需要在我们的类中定义一个函数,该函数使用标头标记的名称来处理soap请求,该标头具有soap:mustUnderstand属性。 The function doesn't need to be implemented in some way. 该功能不需要以某种方式实现。

That's all! 就这样!

Mutatos' question / answer got me on the right track. Mutatos的问题/答案使我步入正轨。 I was working outside of a class structure so what worked for me was the following: 我在班级结构之外工作,因此对我有用的是:

function Security($data)
{
    $username = $data->UsernameToken->Username;
    $password = $data->UsernameToken->Password;
    //check security credentials here
}

$server = new SoapServer("schema/wsdls/FCI_BookingPullService.wsdl", array('soap_version' => SOAP_1_2));
$server->addFunction("Security");
$server->handle();

Essentially a function with the same name as the SOAP header "<wsse:Security>" (ignore the namespace) is being defined, then telling the server to use that to process the header with the 'addFunction' method. 本质上,正在定义一个与SOAP头“ <wsse:Security>”同名的函数(忽略名称空间),然后告诉服务器使用该函数通过'addFunction'方法处理该头。

Not ideal from a scope point of view, if that's an issue, try the class approach. 从范围的角度来看并不理想,如果这是一个问题,请尝试使用类方法。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM