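This article covers, in two parts, how to harden PHP SOAP. First, use HTTPS (HTTP over SSL) to encrypt the HTTP traffic, so that packets cannot be read in plaintext at the network transport layer. On the PHP side, support for the OpenSSL module is all that is needed to access an HTTPS server. Second, to authenticate the SOAP client, add standard HTTP authentication on the SOAP server side, so that not just any SOAP client can connect to the server. So how is this implemented in code?
For a quick and simple way to set up a PHP SOAP web service, see my earlier article, 《实现 php webservice 之 SOAP Functions 介绍》 (Implementing a PHP Web Service: An Introduction to SOAP Functions).
Here is the code I implemented:
1. Server-side soap_server.php code. The key part is the added block of basic HTTP authentication.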
<?php
// Reject the request unless valid HTTP Basic credentials were supplied.
// hash_equals() compares byte for byte; a loose == treats numeric strings
// such as '123456' and '123456.0' as equal.
if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) ||
    !(hash_equals('admin', $_SERVER['PHP_AUTH_USER']) && hash_equals('123456', $_SERVER['PHP_AUTH_PW']))) {
    header('WWW-Authenticate: Basic realm="WEBSERVICE"');
    header("HTTP/1.0 401 Unauthorized");
    echo "You must enter a valid login ID and password to access this resource\n";
    die;
} else {
    require './soap_functions.php';
    ini_set("soap.wsdl_cache_enabled", 0);
    $server = new SoapServer('pay.wsdl', array('encoding' => 'UTF-8'));
    $server->addFunction(array("get_user_info"));
    // $HTTP_RAW_POST_DATA no longer exists in PHP 7+; php://input is the fallback.
    if (isset($HTTP_RAW_POST_DATA)) {
        $request = $HTTP_RAW_POST_DATA;
    } else {
        $request = file_get_contents('php://input');
    }
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Dispatch the SOAP request to the registered function.
        $server->handle($request);
    } else {
        // Non-POST requests only get a list of the exposed functions.
        echo "This SOAP server can handle following functions: ";
        $functions = $server->getFunctions();
        foreach ($functions as $k => $func) {
            echo $k . ". " . $func . "\n";
        }
    }
}
?>
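A stricter form of the same gate, as an added example that is not the article's code: it refuses to issue a Basic challenge over plain HTTP and checks the password against a password_hash() value instead of a literal. The environment variable names SOAP_USER and SOAP_PASS_HASH and the three function names are assumptions, and the HTTPS check assumes PHP terminates TLS itself (no reverse proxy in front).

```php
<?php
// Added example, not the article's code. SOAP_USER and SOAP_PASS_HASH are
// hypothetical environment variables; SOAP_PASS_HASH holds password_hash() output.

/** True only when PHP itself saw the request arrive over TLS. */
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

/** Check Basic credentials with no loose (==) comparison and no stored plaintext. */
function basic_auth_ok(array $server, string $user, string $passHash): bool
{
    if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return false;
    }
    // Evaluate both checks so a wrong user name is not rejected faster.
    $userOk = hash_equals($user, (string) $server['PHP_AUTH_USER']);
    $passOk = password_verify((string) $server['PHP_AUTH_PW'], $passHash);
    return $userOk && $passOk;
}

/** Call as guard_soap_endpoint($_SERVER) before constructing SoapServer. */
function guard_soap_endpoint(array $server): void
{
    if (!request_is_https($server)) {
        // No Basic challenge over plain HTTP: the client's reply would carry
        // the password base64-encoded, not encrypted.
        http_response_code(403);
        exit("HTTPS is required\n");
    }
    $user = getenv('SOAP_USER');
    $hash = getenv('SOAP_PASS_HASH');
    if ($user === false || $hash === false || !basic_auth_ok($server, $user, $hash)) {
        header('WWW-Authenticate: Basic realm="WEBSERVICE"');
        http_response_code(401);
        exit("You must enter a valid login ID and password to access this resource\n");
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, checked against a freshly made hash.
    $hash = password_hash('123456', PASSWORD_DEFAULT);
    $good = ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => '123456'];
    $near = ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => '123456.0'];
    var_dump(basic_auth_ok($good, 'admin', $hash), basic_auth_ok($near, 'admin', $hash));
}
```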
2. Client-side soap_client.php code. Note that the array('login' => "admin", 'password' => "123456") parameter must be added; otherwise the following error is shown: Fatal error: SOAP Fault: (faultcode: HTTP, faultstring: Unauthorized) in ...
<?php
//define("SSL_PASSWD", "asdfghjkl");
//define("SSL_CERTFILE", 'E:\tz\pay\admincp\webservice\server.pem');
try {
    ini_set("soap.wsdl_cache_enabled", 0);
    //array('local_cert' => SSL_CERTFILE,'passphrase'=>SSL_PASSWD)
    // login/password are sent as HTTP Basic credentials with each request.
    $soap = new SoapClient('pay.wsdl', array('login' => "admin", 'password' => "123456"));
    $result = $soap->get_user_info(10001);
    print_r($result);
} catch (SoapFault $fault) {
    trigger_error("SOAP Fault: (faultcode: {$fault->faultcode}, faultstring: {$fault->faultstring})", E_USER_ERROR);
}
?>
3. WSDL file
<?xml version='1.0' encoding='UTF-8'?>
<!-- WSDL file generated by Zend Studio. -->
<definitions name="Untitled" targetNamespace="urn:Untitled" xmlns:typens="urn:Untitled" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns="http://schemas.xmlsoap.org/wsdl/">
    <message name="get_user_info">
        <part name="user_id" type="xsd:integer"/>
    </message>
    <message name="get_user_infoResponse">
        <part name="get_user_infoReturn" type="xsd:anyType"/>
    </message>
    <portType name="soap_functionsPortType">
        <operation name="get_user_info">
            <documentation>
                Get all of the user's information
            </documentation>
            <input message="typens:get_user_info"/>
            <output message="typens:get_user_infoResponse"/>
        </operation>
    </portType>
    <binding name="soap_functionsBinding" type="typens:soap_functionsPortType">
        <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
        <operation name="get_user_info">
            <soap:operation soapAction="urn:soap_functionsAction"/>
            <input>
                <soap:body namespace="urn:Untitled" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
            </input>
            <output>
                <soap:body namespace="urn:Untitled" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
            </output>
        </operation>
    </binding>
    <service name="UntitledService">
        <port name="soap_functionsPort" binding="typens:soap_functionsBinding">
            <soap:address location="https://www.xxx.com/webservice/soap_server.php"/>
        </port>
    </service>
</definitions>
The key point is location="https://..."; it tells SOAP to access the HTTPS server. If PHP's OpenSSL is not installed, the following error is reported:
Fatal error: SOAP Fault: (faultcode: HTTP, faultstring: SSL support is not available in this build) in ...
<service name="UntitledService">
    <port name="soap_functionsPort" binding="typens:soap_functionsBinding">
        <soap:address location="https://www.xxx.com/webservice/soap_server.php"/>
    </port>
</service>
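HTTPS only protects the call if the client verifies the server certificate and cannot be steered to a plain-HTTP address by an edited WSDL. The client below is an added example, not the article's code: it pins the endpoint to the https address shown above and passes an explicit TLS stream context. The function name secure_soap_options, the CA bundle path and the SOAP_USER / SOAP_PASS environment variables are assumptions, and it expects the article's pay.wsdl in the working directory.

```php
<?php
// Added example, not the article's code. The CA bundle path and the
// SOAP_USER / SOAP_PASS environment variables are assumptions.

/** Build SoapClient options that refuse non-HTTPS endpoints and unverified TLS. */
function secure_soap_options(string $endpoint, string $caFile, string $login, string $password): array
{
    if (strtolower((string) parse_url($endpoint, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('SOAP endpoint must use https');
    }
    $context = stream_context_create([
        'ssl' => [
            'verify_peer'       => true,  // validate the certificate chain
            'verify_peer_name'  => true,  // require a match with the host name
            'allow_self_signed' => false,
            'cafile'            => $caFile,
        ],
    ]);
    return [
        'location'       => $endpoint,   // pin the endpoint instead of trusting <soap:address>
        'login'          => $login,
        'password'       => $password,
        'stream_context' => $context,
        'exceptions'     => true,
        'cache_wsdl'     => WSDL_CACHE_NONE,
    ];
}

// The "SSL support is not available in this build" fault means openssl is missing.
if (!extension_loaded('soap') || !extension_loaded('openssl')) {
    exit("The soap and openssl extensions are both required\n");
}

try {
    $options = secure_soap_options(
        'https://www.xxx.com/webservice/soap_server.php', // address from pay.wsdl
        '/etc/ssl/certs/ca-certificates.crt',             // assumed CA bundle path
        (string) getenv('SOAP_USER'),
        (string) getenv('SOAP_PASS')
    );
    $soap = new SoapClient('pay.wsdl', $options);
    print_r($soap->get_user_info(10001));
} catch (SoapFault $fault) {
    echo "SOAP Fault: (faultcode: {$fault->faultcode}, faultstring: {$fault->faultstring})\n";
}
```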

1 Response
For example: username + hmac salted md5 passwd + token + timestamp