On Tue, 13 Jun 2006 06:03:47 -0400, Rob Richards wrote: > > Yes, you can still add headers. > Found Zeev's blog from last year: http://www.suraski.net/blog/index.php?/archives/5-PHP-5s-SOAP-extension-and-SalesForce.html It is now implemented:-) It is not documented on php.net? > Yea, this has been a problem working with the WS-* stuff. Much of it > hasn't been able to be described in a WSDL, so for WS-Security, the > client has needed to know ahead of time that the server uses and/or > requires it. Now, enter WSDL 2.0 and WS-Policy and it becomes possible > to describe these in the WSDL, although I have yet to run into a service > that deploys these. WSDL 2.0 was just changed to a recommendation at the > end of March. > In my experience WSDL 2.0 will not be part of any development tools for a considerable time in which case deployment of services using WSDL 2.0 will be next to nothing. I vote for backporting it in some way to ext/soap. >From axis-wsse: first objective: Implements the <UsernameToken> spec (Web Service security UsernameToken Profile - working draft 4, 11 August 2003) * without password * clear password * password digest * password+nonce+timestamp digest Would that not be a nice goal? > I will be writing it up on my blog (www.cdatazone.org) in the near > future. It is a bit complex and will be broken into several parts since > in order to leverage WS-Security, you first need to understand how to > use XMLENC and XMLDSIG. Then it's possible to move on to WS-Security. > Right now everything needs to be performed manually so there are few to > no shortcuts that can be used. > Why? I don't see this in the axis project. I admit my knowledge in wsse is not extensive. Microsoft.Com Platform Services 1.0 Beta ...TCP sniffing the request to ws.microsoft.com POST /mscomservice/mscom.asmx HTTP/1.0 Content-Type: text/xml; charset=utf-8 Accept: application/soap+xml, application/dime, multipart/related, text/* User-Agent: Axis/1.1 Host: ws.microsoft.com Cache-Control: no-cache Pragma: no-cache SOAPAction: "http://www.microsoft.com/GetVersion" Content-Length: 911 Authorization: Basic QjhmZQvNE***hidden***QjhmZQvNE <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="0" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"> <wsse:UsernameToken> <wsse:Username xsi:type="xsd:string"> B8ffemWZ1***hidden***wYJJW4bua0+</wsse:Username> <wsse:Password Type="wsse:PasswordDigest" xsi:type="xsd:string"> BF3utb***hidden***0lKZz4quA=</wsse:Password> <wsse:Nonce xsi:type="xsd:string"> msJPTHku44rHAqPIRvbNQA==</wsse:Nonce> <wsu:Created xsi:type="xsd:string" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"> 2003-10-13T19:50:57Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <GetVersion xmlns=""/> </soapenv:Body> </soapenv:Envelope> ...and the response: HTTP/1.1 200 OK Connection: close Date: Mon, 13 Oct 2003 18:50:52 GMT Server: Microsoft-IIS/6.0 P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI' X-Powered-By: ASP.NET X-AspNet-Version: 1.1.4322 Cache-Control: private, max-age=0 Content-Type: text/xml; charset=utf-8 Content-Length: 607 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Header> <wsu:Timestamp xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"> <wsu:Created> 2003-10-13T18:50:52Z </wsu:Created> <wsu:Expires> 2003-10-13T18:55:52Z </wsu:Expires> </wsu:Timestamp> </soap:Header> <soap:Body> <GetVersionResponse xmlns="http://www.microsoft.com"> <GetVersionResult> Microsoft.Com Platform Services 1.0 Beta </GetVersionResult> </GetVersionResponse> </soap:Body> </soap:Envelope> > Ideas for a plugin are in the works. An xmlsec extension is being > created first (handles XMLENC and XMLDSIG), which should be able to be > used to help in the creation of a plugin for WS-Security, though not yet > decided if the plugin would be a C ext or a user extension. > If you need any help I might be interested. I have many years experience in C - also in PHP for that matter:-) -- Hilsen/Regards Michael Rasmussen http://keyserver.veridis.com:11371/pks/lookup?op=get&search=0xE3E80917 -- PHP Soap Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php