Soap API + setting security header in response

StackOverflow https://stackoverflow.com/questions/21088210

Question

I am new to SOAP API.

I have implemented part where I need to pass WS-Security header in request and implemented security in Soap Server based on parameters we pass header.

Now my requirement is to send same Soap Header in Response that we pass.

Is it possible to implement?

If yes then guide me to proper direction.

Was it helpful?

Solution

I have figured out how to send security header in response.

Lets take an example. I have calling NotifyTransportRequest from my soap client. By calling client I am passing below header using mentioned code.

//Setting Security Header - Start 
$authHeader = new stdClass();
$authHeader->UsernameToken->Username = "user";
$authHeader->UsernameToken->Password = "password";
$authHeader->Timestamp->Created = "2013-12-31T07:15:41.135Z";
$authHeader->Timestamp->Expires = "2013-12-31T07:16:41.135Z";
$Headers[] = new SoapHeader('http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-     wssecurity-secext-1.0.xsd', 'Security', $authHeader,TRUE);
// Setting Security Header - End

// Setting Security Header for Authentication - Start.
$Client->__setSoapHeaders($Headers);
// Setting Security Header for Authentication - End.

by this code it is passing below security header in Soap request.

<s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <u:Timestamp u:Id="_0">
       <u:Created>2014-01-16T12:39:31.050Z</u:Created>
       <u:Expires>2014-01-16T12:40:31.050Z</u:Expires>
     </u:Timestamp>
     <o:UsernameToken u:Id="uuid-6065f07d-c852-45c7-8df4-ef9b566b9536-1">
        <o:Username>user</o:Username>
        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
      </o:UsernameToken>
    </o:Security>
 </s:Header>

Now when I return from Soap Header, I need to pass below code before returning something.

    $headerStart = strtotime(date('Y-m-d H:i:s')) - (1*60);
    $headerEnd   = strtotime(date('Y-m-d H:i:s')) + (1*60);

    $authHeader = new stdClass();
    $authHeader->UsernameToken->Username = "user";
    $authHeader->UsernameToken->Password = "password";
    $authHeader->Timestamp->Created = gmdate('Y-m-d\TH:i:s.u\Z', $headerStart);
    $authHeader->Timestamp->Expires = gmdate('Y-m-d\TH:i:s.u\Z', $headerEnd);
    $Header = new SoapHeader('http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd', 'Security', $authHeader, false);

    $GLOBALS['server']->addSoapHeader($Header);

It will add Soap Header in Response.

 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="https://67.231.18.69/~verttest/dispatch/soap/medivan.wsdl">
      <SOAP-ENV:Header>
         <ns1:Security>
             <UsernameToken>
                <Username>user</Username>
                <Password>password</Password>
             </UsernameToken>
             <Timestamp>
                <Created>2014-01-16T12:40:28.000000Z</Created>
                <Expires>2014-01-16T12:42:28.000000Z</Expires>
             </Timestamp>
       </ns1:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
             .
             .
             .
    </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top