1

我是 SOAP API 的新手。

我已经实现了需要在请求中传递 WS-Security 标头的部分,并根据我们传递标头的参数在 Soap Server 中实现了安全性。

现在我的要求是在我们传递的响应中发送相同的 Soap Header。

是否可以实施?

如果是,请指导我正确的方向。

4

1 回答 1

2

我已经想出了如何发送安全标头作为响应。

让我们举个例子。我从我的肥皂客户端调用NotifyTransportRequest 。通过调用客户端,我使用提到的代码在标题下方传递。

//Setting Security Header - Start 
$authHeader = new stdClass();
$authHeader->UsernameToken->Username = "user";
$authHeader->UsernameToken->Password = "password";
$authHeader->Timestamp->Created = "2013-12-31T07:15:41.135Z";
$authHeader->Timestamp->Expires = "2013-12-31T07:16:41.135Z";
$Headers[] = new SoapHeader('http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-     wssecurity-secext-1.0.xsd', 'Security', $authHeader,TRUE);
// Setting Security Header - End

// Setting Security Header for Authentication - Start.
$Client->__setSoapHeaders($Headers);
// Setting Security Header for Authentication - End.

通过此代码,它在 Soap 请求中传递低于安全标头。

<s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <u:Timestamp u:Id="_0">
       <u:Created>2014-01-16T12:39:31.050Z</u:Created>
       <u:Expires>2014-01-16T12:40:31.050Z</u:Expires>
     </u:Timestamp>
     <o:UsernameToken u:Id="uuid-6065f07d-c852-45c7-8df4-ef9b566b9536-1">
        <o:Username>user</o:Username>
        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
      </o:UsernameToken>
    </o:Security>
 </s:Header>

现在,当我从 Soap Header 返回时,我需要在返回某些内容之前传递以下代码。

    $headerStart = strtotime(date('Y-m-d H:i:s')) - (1*60);
    $headerEnd   = strtotime(date('Y-m-d H:i:s')) + (1*60);

    $authHeader = new stdClass();
    $authHeader->UsernameToken->Username = "user";
    $authHeader->UsernameToken->Password = "password";
    $authHeader->Timestamp->Created = gmdate('Y-m-d\TH:i:s.u\Z', $headerStart);
    $authHeader->Timestamp->Expires = gmdate('Y-m-d\TH:i:s.u\Z', $headerEnd);
    $Header = new SoapHeader('http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd', 'Security', $authHeader, false);

    $GLOBALS['server']->addSoapHeader($Header);

它将在响应中添加 Soap Header。

 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="https://67.231.18.69/~verttest/dispatch/soap/medivan.wsdl">
      <SOAP-ENV:Header>
         <ns1:Security>
             <UsernameToken>
                <Username>user</Username>
                <Password>password</Password>
             </UsernameToken>
             <Timestamp>
                <Created>2014-01-16T12:40:28.000000Z</Created>
                <Expires>2014-01-16T12:42:28.000000Z</Expires>
             </Timestamp>
       </ns1:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
             .
             .
             .
    </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
于 2014-01-16T13:01:08.700 回答