WsSecurity

WsSecurity adds the WSSE authentication header to your SOAP request

How to use it

This repository contains multiple classes that may be used indepdently but for now it is easier/better to only use the WsSecurity class.

The WsSecurity class provides a static method that takes the parameters that should suffice to create your Ws-Security Username Authentication header required in your SOAP request.

Concretly, you must include this repository in your project using composer (composer require wsdltophp/wssecurity) then use it such as:

use WsdlToPhp\WsSecurity\WsSecurity;

/**
 * @var \SoapHeader
 */
$soapHeader = WsSecurity::createWsSecuritySoapHeader('login', 'password', true);
/**
 * Send the request
 */
$soapClient = new \SoapClient('wsdl_url');
$soapClient->__setSoapHeaders($soapHeader);
$soapClient->__soapCall('echoVoid', []);

The WsSecurity::createWsSecuritySoapHeader parameters are defined in this order ($username, $password, $passwordDigest = false, $addCreated = 0, $addExpires = 0, $returnSoapHeader = true, $mustunderstand = false, $actor = null, $usernameId = null, $addNonce = true):

• $username: your login/username
• $password: your password
• $passwordDigest: set it to true if your password must be encrypted
• $addCreated: set it to the time you created this header using the PHP time function for example, otherwise pass 0
• $addExpires: set it to the number of seconds in which the header will expire, 0 otherwise
• $returnSoapHeader: set it to false if you want to get the \SoapVar object that is used to create the \SoapHeader object, then you'll have to use to create by yourself the \SoapHeader object
• $mustunderstand: classic option of the \SoapClient class
• $actor: classic option of the \SoapClient class
• $usernameId: the id to attach to the UsernameToken element, optional
• $addNonce: true by default, if true, it adds the nonce element to the header, if false it does not add the nonce element to the header

Alternative usage

Create an instance of the Security class

use WsdlToPhp\WsSecurity\WsSecurity;

$wsSecurity = new WsSecurity('login', 'password', true, /*$addCreated*/ time());

// access its properties to alter them
$wsSecurity->getSecurity()->getTimestamp()->setAttribute('wsu:Id', 'AnyRequestValue');

// Get the SoapHeader
$header = $security->getSoapHeader($returnSoapHeader = true, $mustunderstand = false, $actor = null);

Testing using Docker

Thanks to the Docker image of phpfarm, tests can be run locally under any PHP version using the cli:

• php-7.4

First of all, you need to create your container which you can do using docker-compose by running the below command line from the root directory of the project:

$ docker-compose up -d --build

You then have a container named ws_security in which you can run composer commands and php cli commands such as:

# install deps in container (using update ensure it does use the composer.lock file if there is any)
$ docker exec -it ws_security php /usr/bin/composer update
# run tests in container
$ docker exec -it ws_security php -dmemory_limit=-1 vendor/bin/phpunit

FAQ

If you have a question, feel free to create an issue.

License

The MIT License (MIT). Please see License File for more information.