Creation of a web service based on WSF/PHP with UsernameToken authorization and HTTPS

I was given the task of getting to grips with web services in general and finding out whether a service (not a service client) could be written in PHP that can be accessed in accordance with the WS and WS-Security standards. Compatibility with .NET clients was also required (in my case, working without WCF was enough).

After a short round of googling it became clear that neither the standard PHP SOAP library, nor the Zend Framework, nor anything else except WSF/PHP supports WS-Security without manual patching, and the patches found in haste offered only one specific solution, for example UsernameToken with a plaintext password (ideally, signatures, encryption, certificates, and so on are needed as well).

This tutorial does not describe all the features of the WSF/PHP framework, such as WSDL generation, since all of this is covered in the documentation and requires no non-trivial solutions beyond it. We will work with version 2.1.0 of the library.


Preparation

First, make sure that all the necessary components are installed. My service was running on Ubuntu 11.04; the client application was written in C# (its code and configuration are given in the listings below). To work with WSF/PHP and the service you need:
  • Apache2 + mod_ssl,
  • PHP5 + xsl (I worked on PHP 5.3),
  • GNOME XML Library,
  • WSO2 WSF/PHP 2.1.0 itself.

Installation and configuration of all components are described in many resources on the Internet and in the documentation (see the link in the introduction). When configuring the PHP module, make sure that the wsf.home option points to the path where the library is installed (in my case it was /opt/wso2/wsf_c).

Service

Our service has a single operation that squares the argument given to it and returns the result. Briefly, the code contains: a function findSquare that actually performs the task; the binding of the operation name to the function name; the declaration of a security policy and the creation of a token (in this example the username and password are hardcoded, but with the passwordCallback argument of the WSSecurityToken constructor (see the API) you can specify a function that, for example, fetches from a database the password for the login passed to it and returns it for further verification); and the creation of a WSService instance with all the parameters and the processing of the call.

Suppose the service is stored in the file index.php

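<?php
// Operation implementation: squares the argument and returns the result.
// Assumption: the parameter name and the "return" key are placeholders; they
// must match the element names declared in index.wsdl.
function findSquare($value) {
    $result = $value * $value;
    return array("return" => $result);
}
$operations = array(
    "squareInt" => "findSquare"
); // operations mapping: WSDL operation name => PHP function
$securityPolicy = new WSPolicy(file_get_contents('spolicy.xml')); // security policy
// Security token: the credentials are hardcoded for this example and the
// password travels as plaintext inside the UsernameToken, protected only by HTTPS.
$securityToken = new WSSecurityToken(array(
    "user" => "god",
    "password" => "iddqd",
    "passwordType" => "PlainText",
    "ttl" => 100));
$service = new WSService(array(
    "wsdl" => "index.wsdl",
    "operations" => $operations,
    "serviceName" => "TestService",
    "policy" => $securityPolicy,
    "securityToken" => $securityToken
)); // service instance
$service->reply(); // process the incoming request
?>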
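
The passwordCallback variant mentioned above, as an added example that is not part of the original listing. The function name lookupPassword, the ws_users table and the in-memory SQLite database are assumptions made for illustration; the constructor keys are the ones used in index.php.

```php
<?php
// Added example: resolve the UsernameToken password per login instead of
// hardcoding "user"/"password" in the token.
// Constructed data: an in-memory SQLite table stands in for the real user store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ws_users (
    login    TEXT PRIMARY KEY,
    password TEXT NOT NULL,
    enabled  INTEGER NOT NULL)');
$db->exec("INSERT INTO ws_users VALUES ('god', 'iddqd', 1)");
$db->exec("INSERT INTO ws_users VALUES ('retired', 'idkfa', 0)");

// Hypothetical callback: receives the login taken from the incoming
// UsernameToken and returns the password used for verification.
function lookupPassword($username)
{
    global $db;
    // The login comes straight from the SOAP header, so treat it as untrusted:
    // bound its length and pass it only through a prepared statement.
    if (!is_string($username) || $username === '' || strlen($username) > 64) {
        return NULL;
    }
    $stmt = $db->prepare(
        'SELECT password FROM ws_users WHERE login = :login AND enabled = 1');
    $stmt->execute(array(':login' => $username));
    $password = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches; hand back NULL so that
    // no password is returned for unknown or disabled accounts.
    return ($password === false) ? NULL : $password;
}

// Same token as in index.php, with the hardcoded credentials replaced by the
// callback. Guarded so the lookup can be tried without the WSF/PHP extension.
if (class_exists('WSSecurityToken')) {
    $securityToken = new WSSecurityToken(array(
        "passwordCallback" => "lookupPassword",
        "passwordType" => "PlainText",
        "ttl" => 100));
}
```

Because the callback returns the password for verification, the store has to hold it in recoverable form, so read access to that table should be limited to the service account.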


We have two dependencies: spolicy.xml and index.wsdl. The WSDL was generated by the standard WSF/PHP tool, by adding the ?wsdl parameter to the service URL (for how to generate WSDL with the correct types and so on, again, read the documentation: this point is described quite sensibly there).

Now let's go through spolicy.xml. This is an XML file written in accordance with the WS-SecurityPolicy specification. Everything could have been described in the arguments of the WSPolicy constructor, but then the UsernameToken sometimes requires a signature from the client, which we do not need in this task, and the constructor arguments expose only the basic capabilities of WS-SecurityPolicy, so a policy file is used instead. In addition, we need to declare that security is provided at the transport level, that is, by HTTPS.



I will also publish index.wsdl (domain.tld should be replaced with the domain or IP used by the service):


This completes the description of the service. If everything is done correctly, opening the address of the service in a browser shows a description of the deployed services and a list of their operations.

Client

The client is a C# console application that calls the address specified in the configuration and receives the result. The login, password, and transmitted value are hardcoded, but nothing stops you from correcting this omission.

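using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

internal class Program
{
    // Methods
    private static void Main()
    {
        try
        {
            // Accepts any server certificate, including a self-signed or mismatched one,
            // so the HTTPS channel that carries the plaintext password is not authenticated.
            // Remove this callback once the service has a certificate the client trusts.
            ServicePointManager.ServerCertificateValidationCallback = delegate (object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors) {
                return true;
            };
            // Client for TestService; the endpoint address comes from the configuration file.
            TestServicePortTypeClient client = new TestServicePortTypeClient();
            client.ClientCredentials.UserName.UserName = "god";
            client.ClientCredentials.UserName.Password = "iddqd";
            Console.WriteLine(client.squareInt(5));
        }
        catch (Exception exception)
        {
            Console.WriteLine(exception);
        }
        finally
        {
            Console.ReadKey();
        }
    }
}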


Configuration file (domain.tld should be replaced with the domain or IP used by the service):


Result

As a result, the console window should display 25, or, if you tweaked the client code to manually enter the original value, the square of your number.
