All geek questions in one place

How to require an authentication header header in WSDL?

I created a web service in php using SOAPServer . He expects to see a SoapHeader UsernameToken with username and password elements. Everything works fine when I include this header in the request. By simply defining a method in the Soap handler class named "UsernameToken", this method is called and stdClass Obj is passed to it. Then I can check the user for $Obj->username and $Obj->password .

I donโ€™t know what to add to the WSDL file, first of all, to define this UsernameToken header and the second, how to indicate in the WSDL that this is necessary?

I read somewhere that the new SOAP standard does not endorse the concept of a โ€œmandatoryโ€ header.

Any advice on how to at least indicate this is my wsdl that should include this header?

+6
source share
3 answers

Here is an example of a WSDL defining a login: https://ws1.webservices.nl/soap_doclit?wsdl

 <binding name="Webservices.nlBinding" type="tns:Webservices.nlPortType"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> <operation name="login"> <soap:operation soapAction="https://ws1.webservices.nl/soap_doclit.php/login" style="document"/> <input> <soap:body use="literal"/> <soap:header message="tns:Headers" part="HeaderLogin" use="literal"/> <soap:header message="tns:Headers" part="HeaderAuthenticate" use="literal"/> </input>
+3
source

You have looked at section 2.1.3 http://www.w3.org/TR/wsdl . I also could not find anything necessary to become deprived.

+1
source

Long answer. See this post.

In the client, you can use the mustUnderstand attribute to indicate whether the header entry is mandatory or optional for the recipient to process. If the server cannot or does not want to process the required header, it must reset the SOAP error to the client.

+1
source

Source: https://habr.com/ru/post/901818/

More articles: