Client in WSDL mode drops WS Security header when posting

Home » Forums » Project: WSO2 Web Services Framework for PHP (WSO2 WSF/PHP)
jodunni1's picture
Submitted by jodunni1 on January 30, 2010 - 15:17

Greetings alll,

I'm working with wsf-php to interact with some web services on a PeopleSoft system.  I have the entire architecture put together and it's working wonderfully as long as I am working anonymously but when I attempt to use a standard WS Security policy with Username Token (user and password) it simply doesn't put it in the SOAP Headers.  I've pointed it to a local non SSL server so I could get a packet trace and verified that the security headers are just completely missing.  When I use the same CI with SoapUI and send the following headers it works fine.

 

<soapenv:Header>

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<wsse:UsernameToken>

<wsse:Username>PS</wsse:Username>

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PS</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soapenv:Header>

 

The code I'm using is:

 

  $security_options = array("useUsernameToken" => TRUE );

  $policy = new WSPolicy(array("security" => $security_options));

  try {

          $security_token = new WSSecurityToken(array("user" => "PS",

                                                        "password" => "PS",

                                                        "passwordType" => "Digest"));

 

        $wsclientArray = array(

             "wsdl" => "/tmp/CI_MESSAGE_CATALOG_CI.1.wsdl",

              "useWSA" => TRUE,

              "policy" => $policy,

              "securityToken" => $security_token);

          $wsclient = new WSClient($wsclientArray);

          $client = $wsclient->getProxy();

 

         // we do this to get the memberId

          $responseArray = $client->CI_MESSAGE_CATALOG_CI_G ( $request );

var_dump ( $responseArray );

    } catch (Exception $e) {

          $memberID = 0;

    }

 

I also attached the snippet of WSDL that specifies the security policy as I'd noticed a few posts about using the client in WSDL mode with mismatching WSDL policies:

<soap:operation soapAction="CI_NBW_ADM_APPL_ENTRY_CI_UD.V1" style="document"/>

<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameTokenSecurityPolicyPasswordOptional">
<wsp:ExactlyOne>
<wsp:All>
<wsse:SecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsp:Usage="wsp:Required">
<wsse:TokenType>wsse:UserNameToken</wsse:TokenType>
<Claims>
<SubjectName MatchType="wsse:Exact"/>
<UsePassword wsp:Usage="wsp:Optional"/>
</Claims>
</wsse:SecurityToken>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
 
I would be willing to do it with custom headers as well but I'm wondering why the client seems to be dropping the standard ones?  Also attached - a snippet of the wsdl_client log file that seems to be pertinent:
 
[Sat Jan 30 17:16:22 2010] [debug] phase.c(210) Invoke the handler RampartInHandler within the phase PreDispatch
[Sat Jan 30 17:16:22 2010] [debug] rampart_handler_util.c(320) [rampart][rhu] Service is NULL. Check if the security is enabled in the Conf
[Sat Jan 30 17:16:22 2010] [error] rampart_in_handler.c(106) [rampart][rampart_in_handler] SOAP header cannot be found.
[Sat Jan 30 17:16:22 2010] [error] phase.c(233) Handler RampartInHandler invoke failed within phase PreDispatch
[Sat Jan 30 17:16:22 2010] [error] engine.c(696) Invoking phase PreDispatch failed
 
Thanks much for your help!!
 
JD
‹ compiling with PHP 5.3.1 on XP gives errors Warning: WSClient::getProxy(wsf_wsdl.php) ›
jodunni1's picture

Fixed :)

Submitted by jodunni1 on January 31, 2010 - 08:54.
Nevermind about this one - not sure exactly what I did but it seems to be working correctly now. I must have had something out of place. JD
jia.li.webstar-health.co.uk's picture

Hi I am using the same

Submitted by jia.li.webstar-... on February 22, 2010 - 05:45.
Hi I am using the same way... but I am getting this error Fatal error: Uncaught WS FAULT exception: [q0:Security] Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message. Do you know the solution? Thanks Jia
library project main code
Popular Content
Learn Cloud
Learn
Cloud

How to deploy a web application in StratosLive using Carbon Studio
The WSO2 Application Server is a reliable application server that can host your enterprise web applications. The WSO2 Application Server as a Service is offered in StratosLive, the WSO2 Platform as a Service. This article explains how a simple web application can be developed and deployed from Carbon Studio to the WSO2 Application Server...
more>

Latest Webinar
KPI definition with Business Activity Monitor 2.0
Different groups within an organization need to monitor different Key Performance Indicators (KPIs) - An operations team will be interested in the response times of business services and loads of each service,..
Thursday, February 9th 2012, 09.00 AM (PST)
Register Now!

Thursday, February 9th 2012, 10.00 AM (GMT)
Register Now!