
  • Authentication and PHP

    Hi,

    I'm using SpringWS to implement some web services that my customer needs to consume using PHP and the default SOAP extension.

    I'm using digest passwords and SimplePasswordValidationCallbackHandler. I have the following configuration:

    Code:
        <bean id="passwordValidationHandler" class="org.springframework.ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandler">
            <property name="users">
                <props>
                    <prop key="myuser">q5aerTWe74r</prop>
                </props>
            </property>
        </bean>
    I also have a "wss-server-config.xml" with the following code:
    Code:
    <?xml version="1.0"?>
    <xwss:SecurityConfiguration xmlns:xwss="[path to ns]">
        <xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="false" />
    </xwss:SecurityConfiguration>
    Interceptors are correctly set; if I don't authenticate, the services will kick me off (and that's normal behavior).

    It works very well when I try to query them with SoapUI, but my customer has a lot of difficulty authenticating with PHP.

    Could you give me any hint on either 1) correctly authenticate on such a service with php or 2) change the authentication strategy so that will work with php and the default soap extension?

    I must confess that I don't have solid skills with php, so it's a bit tricky for me to debug it

    Any clue will be highly appreciated

    Thanks

  • #2
    I suggest you configure a logging interceptor on your service to see what the incoming requests look like.



    • #3
      Hi,

      thanks for the hint. Here is what I get:

      Code:
      DEBUG - dlDefinitionHandlerAdapter - Transforming [/services/productService/] to [http://localhost:8080/CosimooV2/services/productService/]
      DEBUG - MessageDispatcherServlet   - Successfully completed request
      DEBUG - MessageTracing             - Received request [SaajSoapMessage {http://cosimoo.com/pr/schemas}StaticProductListRequest]
      DEBUG - adRootQNameEndpointMapping - Looking up endpoint for [{http://cosimoo.com/pr/schemas}StaticProductListRequest]
      DEBUG - SoapMessageDispatcher      - Endpoint mapping [org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping@64e5b2] has no mapping for request
      DEBUG - adRootQNameEndpointMapping - Looking up endpoint for [{http://cosimoo.com/pr/schemas}StaticProductListRequest]
      DEBUG - SoapMessageDispatcher      - Endpoint mapping [org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping@2445d7] has no mapping for request
      DEBUG - adRootQNameEndpointMapping - Looking up endpoint for [{http://cosimoo.com/pr/schemas}StaticProductListRequest]
      DEBUG - SoapMessageDispatcher      - Endpoint mapping [org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping@165547d] has no mapping for request
      DEBUG - adRootQNameEndpointMapping - Looking up endpoint for [{http://cosimoo.com/pr/schemas}StaticProductListRequest]
      DEBUG - SoapMessageDispatcher      - Endpoint mapping [org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping@19ce9e0] maps request to endpoint [booby.webservices.products.StaticProductListEndpoint@b890dc]
      DEBUG - PayloadLoggingInterceptor  - Request: <ns1:StaticProductListRequest xmlns:ns1="http://cosimoo.com/pr/schemas"><ns1:shopid>8</ns1:shopid></ns1:StaticProductListRequest>
      WARN  - XwsSecurityInterceptor     - Could not validate request: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]:  No Security Header found; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]:  No Security Header found
      DEBUG - MessageTracing             - Sendt response [SaajSoapMessage {http://schemas.xmlsoap.org/soap/envelope/}Fault] for request [SaajSoapMessage {http://cosimoo.com/pr/schemas}StaticProductListRequest]
      DEBUG - MessageDispatcherServlet   - Successfully completed request
      But now, I don't know how to fix it



      • #4
        Sorry, here is the related PHP code, which produces the logging trace dumped above:

        Code:
        <?php
        	ini_set("soap.wsdl_cache_enabled","0");	
        
        	$options = array('trace' 			=> 1, 
        					 'login' 			=> 'xxx', 
        					 'password' 		=> 'yyy', 
        					 'authentication' 	=> SOAP_AUTHENTICATION_DIGEST);
        			
        	$client = new SoapClient("http://xxx:yyy@localhost:8080/...../product.wsdl",$options);				
        	
        	try
        	{
        		$products = $client->StaticProductList(array("shopid"=>8));
        	}
        	catch (Exception $e)
        	{
        		var_dump($e);
        		echo($client->__getLastRequestHeaders()."<br>");
        		echo($client->__getLastRequest()."<br>");				
        		echo($client->__getLastResponseHeaders());
        		die();
        	}	
        	
        	var_dump($products);
        ?>



        • #5
          No idea?

          Too bad, I (naively) thought that web services are useful to abstract from system and languages...

          As far as I can see, this seems not to be correctly implemented everywhere...



          • #6
            I've implemented my own authentication strategy. Fields username/password are passed in the body of the query, and I control them at the beginning of each "invokeInternal" query, and throw an exception when authentication fails.

            I know that this is awful, ugly, poor security, etc. but if anybody has a better solution...

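The warning in #3 (`No Security Header found`) fits the client in #4: `SOAP_AUTHENTICATION_DIGEST` makes PHP's SoapClient use HTTP digest authentication, which travels in HTTP headers, whereas `RequireUsernameToken` checks for a `wsse:Security` header inside the SOAP envelope. The following is an added example, not code from any poster in this thread, that builds such a header with the digest defined by the OASIS UsernameToken Profile 1.0. Assumptions: the WSDL URL and password are placeholders, `buildUsernameTokenHeader` is a hypothetical helper, and the server is assumed to accept a nonce even though `nonceRequired` is false.

```php
<?php
// Added example: WS-Security UsernameToken (PasswordDigest) header for PHP's SoapClient.
// Namespace and type URIs are the ones defined by OASIS WS-Security 1.0.
const WSSE_NS     = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
const WSU_NS      = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
const DIGEST_TYPE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest';
const NONCE_ENC   = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary';

// Hypothetical helper (not part of the thread): returns a SoapHeader carrying wsse:Security.
function buildUsernameTokenHeader(string $user, string $password): SoapHeader
{
    $nonce   = random_bytes(16);              // fresh random nonce per request
    $created = gmdate('Y-m-d\TH:i:s\Z');      // UTC timestamp in xsd:dateTime form
    // UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password)),
    // computed over the raw nonce bytes, not their Base64 text.
    $digest  = base64_encode(sha1($nonce . $created . $password, true));

    $xml = '<wsse:Security xmlns:wsse="' . WSSE_NS . '" xmlns:wsu="' . WSU_NS . '">'
         . '<wsse:UsernameToken>'
         . '<wsse:Username>' . htmlspecialchars($user, ENT_XML1 | ENT_QUOTES) . '</wsse:Username>'
         . '<wsse:Password Type="' . DIGEST_TYPE . '">' . $digest . '</wsse:Password>'
         . '<wsse:Nonce EncodingType="' . NONCE_ENC . '">' . base64_encode($nonce) . '</wsse:Nonce>'
         . '<wsu:Created>' . $created . '</wsu:Created>'
         . '</wsse:UsernameToken>'
         . '</wsse:Security>';

    // XSD_ANYXML makes SoapClient emit the fragment verbatim as the header element.
    return new SoapHeader(WSSE_NS, 'Security', new SoapVar($xml, XSD_ANYXML));
}

// Placeholder WSDL URL and credentials; no 'login'/'password' options, because those
// configure HTTP authentication rather than the SOAP security header.
$client = new SoapClient('https://service.example/product.wsdl', ['trace' => 1]);
$client->__setSoapHeaders(buildUsernameTokenHeader('myuser', 'placeholder-password'));

try {
    var_dump($client->StaticProductList(['shopid' => 8]));
} catch (SoapFault $e) {
    // With 'trace' enabled, the sent envelope shows whether the header was included.
    echo $e->getMessage(), "\n", $client->__getLastRequest(), "\n";
}
```

A digest token only proves knowledge of the password; it does not encrypt the message, so the endpoint should be reached over HTTPS.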