Soap API + setting security header in response

StackOverflow https://stackoverflow.com/questions/21088210

Domanda

I am new to SOAP API.

I have implemented part where I need to pass WS-Security header in request and implemented security in Soap Server based on parameters we pass header.

Now my requirement is to send same Soap Header in Response that we pass.

Is it possible to implement?

If yes then guide me to proper direction.

È stato utile?

Soluzione

I have figured out how to send security header in response.

Lets take an example. I have calling NotifyTransportRequest from my soap client. By calling client I am passing below header using mentioned code.

//Setting Security Header - Start 
$authHeader = new stdClass();
$authHeader->UsernameToken->Username = "user";
$authHeader->UsernameToken->Password = "password";
$authHeader->Timestamp->Created = "2013-12-31T07:15:41.135Z";
$authHeader->Timestamp->Expires = "2013-12-31T07:16:41.135Z";
$Headers[] = new SoapHeader('http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-     wssecurity-secext-1.0.xsd', 'Security', $authHeader,TRUE);
// Setting Security Header - End

// Setting Security Header for Authentication - Start.
$Client->__setSoapHeaders($Headers);
// Setting Security Header for Authentication - End.

by this code it is passing below security header in Soap request.

<s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <u:Timestamp u:Id="_0">
       <u:Created>2014-01-16T12:39:31.050Z</u:Created>
       <u:Expires>2014-01-16T12:40:31.050Z</u:Expires>
     </u:Timestamp>
     <o:UsernameToken u:Id="uuid-6065f07d-c852-45c7-8df4-ef9b566b9536-1">
        <o:Username>user</o:Username>
        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
      </o:UsernameToken>
    </o:Security>
 </s:Header>

Now when I return from Soap Header, I need to pass below code before returning something.

    $headerStart = strtotime(date('Y-m-d H:i:s')) - (1*60);
    $headerEnd   = strtotime(date('Y-m-d H:i:s')) + (1*60);

    $authHeader = new stdClass();
    $authHeader->UsernameToken->Username = "user";
    $authHeader->UsernameToken->Password = "password";
    $authHeader->Timestamp->Created = gmdate('Y-m-d\TH:i:s.u\Z', $headerStart);
    $authHeader->Timestamp->Expires = gmdate('Y-m-d\TH:i:s.u\Z', $headerEnd);
    $Header = new SoapHeader('http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd', 'Security', $authHeader, false);

    $GLOBALS['server']->addSoapHeader($Header);

It will add Soap Header in Response.

 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="https://67.231.18.69/~verttest/dispatch/soap/medivan.wsdl">
      <SOAP-ENV:Header>
         <ns1:Security>
             <UsernameToken>
                <Username>user</Username>
                <Password>password</Password>
             </UsernameToken>
             <Timestamp>
                <Created>2014-01-16T12:40:28.000000Z</Created>
                <Expires>2014-01-16T12:42:28.000000Z</Expires>
             </Timestamp>
       </ns1:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
             .
             .
             .
    </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top