WsSecurity adds the WSSE authentication header to your SOAP request
This repository contains multiple classes that may be used indepdently but for now it is easier/better to only use the WsSecurity class.
The WsSecurity class provides a static method that takes the parameters that should suffice to create your Ws-Security Username Authentication header required in your SOAP request.
Concretly, you must include this repository in your project using composer (composer require wsdltophp/wssecurity
) then use it such as:
use WsdlToPhp\WsSecurity\WsSecurity;
/**
* @var \SoapHeader
*/
$soapHeader = WsSecurity::createWsSecuritySoapHeader('login', 'password', true);
/**
* Send the request
*/
$soapClient = new \SoapClient('wsdl_url');
$soapClient->__setSoapHeaders($soapHeader);
$soapClient->__soapCall('echoVoid', []);
The WsSecurity::createWsSecuritySoapHeader
parameters are defined in this order ($username, $password, $passwordDigest = false, $addCreated = 0, $addExpires = 0, $returnSoapHeader = true, $mustunderstand = false, $actor = null, $usernameId = null, $addNonce = true)
:
- $username: your login/username
- $password: your password
- $passwordDigest: set it to
true
if your password must be encrypted - $addCreated: set it to the time you created this header using the PHP time function for example, otherwise pass 0
- $addExpires: set it to the number of seconds in which the header will expire, 0 otherwise
- $returnSoapHeader: set it to false if you want to get the \SoapVar object that is used to create the \SoapHeader object, then you'll have to use to create by yourself the \SoapHeader object
- $mustunderstand: classic option of the \SoapClient class
- $actor: classic option of the \SoapClient class
- $usernameId: the id to attach to the UsernameToken element, optional
- $addNonce: true by default, if true, it adds the nonce element to the header, if false it does not add the nonce element to the header
Create an instance of the Security class
use WsdlToPhp\WsSecurity\WsSecurity;
$wsSecurity = new WsSecurity('login', 'password', true, /*$addCreated*/ time());
// access its properties to alter them
$wsSecurity->getSecurity()->getTimestamp()->setAttribute('wsu:Id', 'AnyRequestValue');
// Get the SoapHeader
$header = $security->getSoapHeader($returnSoapHeader = true, $mustunderstand = false, $actor = null);
Testing using Docker
Thanks to the Docker image of phpfarm, tests can be run locally under any PHP version using the cli:
- php-7.4
First of all, you need to create your container which you can do using docker-compose by running the below command line from the root directory of the project:
$ docker-compose up -d --build
You then have a container named ws_security
in which you can run composer
commands and php cli
commands such as:
# install deps in container (using update ensure it does use the composer.lock file if there is any)
$ docker exec -it ws_security php /usr/bin/composer update
# run tests in container
$ docker exec -it ws_security php -dmemory_limit=-1 vendor/bin/phpunit
If you have a question, feel free to create an issue.
The MIT License (MIT). Please see License File for more information.