使用 PHP 进行 SOAP 身份验证

2021-12-24 00:00:00 authentication php soap nusoap wso2

我需要连接到需要纯文本用户名和密码形式的身份验证凭据的 Web 服务.

I need to connect to a web service that requires authentication credentials in the form of a plain text user name and password.

我对 SOAP 有基本的了解,并且已经设法使用 NuSOAP 连接到其他不需要用户名或密码的开放网络服务.

I have a basic understanding of SOAP and have managed to connect to other open web services that do not require a username or password using NuSOAP.

以下内容已发送给我:

<?php

// Set up security options
$security_options = array("useUsernameToken" => TRUE);
$policy = new WSPolicy(array("security" => $security_options));

$security_token = new WSSecurityToken(array(
    "user" => "xxx",
    "password" => "xxx",
    "passwordType" => "basic"));

// Create client with options
$client = new WSClient(array("wsdl" => "https://xxx.asmx?wsdl",
    "action" => "http://xxx",
    "to" => "https://xxx",
    "useWSA" => 'submission',
    "CACert" => "cert.pem",
    "useSOAP" => 1.1,
    "policy" => $policy,
    "securityToken" => $security_token));

// Send request and capture response
$proxy = $client->getProxy();

$input_array = array("From" => "2010-01-01 00:00:00",
    "To" => "2010-01-31 00:00:00");

$resMessage = $proxy->xxx($input_array);
?>

经过一些研究,我了解到上述实现使用 wso2.我需要能够在不使用 wso2 的情况下做到这一点.

After some research I understand that the above implementation uses wso2. I need to be able to do this without using wso2.

我已尽最大努力寻找有关上述内容的资源(Google、论坛等),但一无所获.我已经阅读了一些关于 SOAP 的教程,并且已经能够使用 PHP 设置一个 SOAP 客户端,但无法理解所有的身份验证和策略".

I have tried my best to look for resources (Google, forums, etc) about the above but haven't been able to find anything. I have read some tutorials on SOAP and have been able to set up a SOAP client using PHP but cannot get my head around all the authentication and "policies".

如果我正在扯头发,我将非常感谢有关如何实现这一点的解释以及一些进一步阅读有关此内容的链接!理想情况下,我想要一些资源链接,供 SOAP 身份验证的绝对初学者使用.

An explanation of how to achieve this and maybe some links to further reading about this would be very much appreciated as I am tearing my hair out! Ideally I would like some links to resources for an absolute beginner to the SOAP authentication.

谢谢.P.S 上面的一些链接/凭据可能已被 xxx'd 用于隐私.

Thanks. P.S some of the links/credentials in the above could have been xxx'd for privacy.

推荐答案

如果你在 php (php version >= 5.0.1) 中启用了 SOAP 扩展,你可以使用 SoapClient 类来处理您的请求.要进行身份验证,您可以将用户名和密码传递给具有目标 URL 的类:

If you have the SOAP extension enabled in php (php version >= 5.0.1), you can use the SoapClient class to process your request. To authenticate, you can pass the username and password to the class with the target URL:

$soapURL = "https://www.example.com/soapapi.asmx?wsdl" ;
$soapParameters = Array('login' => "myusername", 'password' => "mypassword") ;
$soapFunction = "someFunction" ;
$soapFunctionParameters = Array('param1' => 42, 'param2' => "Search") ;

$soapClient = new SoapClient($soapURL, $soapParameters);

$soapResult = $soapClient->__soapCall($soapFunction, $soapFunctionParameters) ;

if(is_array($soapResult) && isset($soapResult['someFunctionResult'])) {
    // Process result.
} else {
    // Unexpected result
    if(function_exists("debug_message")) {
        debug_message("Unexpected soapResult for {$soapFunction}: ".print_r($soapResult, TRUE)) ;
    }
}

如果您不确定可以调用的函数,您可以在浏览器中查看目标 URL(例如以.asmx?wsdl"结尾).您应该得到一个 XML 响应,该响应告诉您可以调用的可用 SOAP 函数以及这些函数的预期参数.

If you're not sure about the functions you can call, you can view the target URL (e.g. ending in ".asmx?wsdl") in your browser. You should get an XML response that tells you the available SOAP functions you can call, and the expected parameters of those functions.

相关文章