StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWS02 / WSF PHP 2.1.0 UsernameToken issues
text
Body
copied!<p>i try to call a partner WS using usernameToken. I use for that ws02 wsf_2.0.0 under php5.2.x and it rocks. Now we want's to migrate on a different solution based on php5.3, fortunately ws02 provide a 2.1.0 tag compatible with php5.3. I take the time to read the new features and documentation of this new release and especially regarding the usernameToken. I understood this release use signing regarding the usernameToken through a cert and private key. I guess b/c of the AsymetricTransportBinding policy. In my case i didn't want to sign anything through certificate or whatever. I read also that ws02 provide a kind of fallback in a separate xml file to avoid any signing.</p> <p>After reading many posts, forums i need some help from the community b/c i'm totally stuck.</p> <p>Here's the code used to request the WS in php5.3 - wsf 2.1.0 ( using HTTP ) </p> <pre><code>$policy = new \WSPolicy( $policy ); ( $policy is the one from the call_back folder with a file_get_contents() ) $security = new \WSSecurityToken( array( 'user' => 'my_username', 'password' => 'my_password', 'passwordType' => 'Digest', 'ttl' => '300' )); $this->oSoapClient = new \WSClient( array( wsdl: http://www.xxx.xx/comparatorservices/CalculationService?WSDL to: http://www.xxx.xx/comparatorservices/CalculationService useWSA: true useSOAP: 1.1, policy: $policy, securityToken: $security )); $proxy = $this->oSoapClient->getProxy(); $response = $proxy->wykonajKalkulacje( $MySuperRequestObject ); </code></pre> <p>At this step : </p> <ol> <li>I activated the debug traces ( log level 4 ) </li> <li><p>I confirm that my "to" is using http accoring to the wsdl definition</p> <p>wsdl:port name="CalculationServiceHttpPort" binding="tns:CalculationServiceHttpBinding" wsdlsoap:address location="http://www.xxxx.xx/comparatorservices/CalculationService" /wsdl:port</p></li> </ol> <p>Now from the debug logs i catch this : </p> <pre><code>[Wed Jul 25 05:22:53 2012] [error] rampart_in_handler.c(91) [rampart]SOAP header cannot be found. [Wed Jul 25 05:22:53 2012] [error] phase.c(224) Handler RampartInHandler invoke failed within phase Security [Wed Jul 25 05:22:53 2012] [error] engine.c(657) Invoking phase Security failed [Wed Jul 25 05:22:53 2012] [error] engine.c(262) Invoking operation specific phases failed for operation __OPERATION_OUT_IN__ [Wed Jul 25 05:22:53 2012] [error] /home/agruet/08_KRK_sources/wso2-wsf-php-src-2.1.0/src/wsf_wsdl.c(1226) [wsf_wsdl] Response envelope not found </code></pre> <p>So my first idea was to sniff the traffic and especially the SOAP Header between the working ( wsf_2.0.0 / php5.2.x ) and the breaked ( wsf_2.1.0 / php5.3 )</p> <p>Here's the 2.0.0 ( working ) </p> <pre><code> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>my_username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"> hashed(my_password) </wsse:Password> <wsse:Nonce>hashed</wsse:Nonce> <wsu:Created>2012-07-26T20:40:26.991Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> </code></pre> <p>And the 2.1.0 ( not working / breaked ) </p> <pre><code> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>my_username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">hashed(my_password)</wsse:Password> <wsse:Nonce>hashed</wsse:Nonce> <wsu:Created>2012-07-25T00:44:56.758Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> </code></pre> <p>As u can see the only difference come from the wsse:Security namespace. ( missing xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ ) </p> <p>And that's all ...</p> <p>Inspecting the rampart_in_handler.c at line 91 according to the debug log said : </p> <pre><code>soap_header = axiom_soap_envelope_get_header(soap_envelope, env); if(!soap_header) { /*No SOAP header, so no point of proceeding. FAIL*/ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]SOAP header cannot be found."); return AXIS2_FAILURE; } </code></pre> <p>Meaning yeah.... the soap_header is false.. but why? Is there any smart guy in order to explain what's wrong ? </p> <p>nota 1: I inspected the policy sent to the partner WS from the working ( 2.0.0 ) it seem's a AsymetricBinding is used... wich is weird as long in the 2.0.0 we didn't provide any cert or keys.</p> <p>nota 2: I also tried to use signed username token with the classic WSPolicy Object array params - I created a x509 cert and privatekey then use the functions to load these files and use the array params to load it into the WSSecurity Constructor... but i receive the same error / Sniffing is a pain b/c the datas are crypted or something like that ( wich seem's to be normal in this way ) </p> <p>nota 3: Currently tested on Ubuntu10.04-3LTS with the pre-compiled php packges from apt-get</p> <p>PLZ HELP ! </p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload