How to Get WS-Security working without WS-Addressing in WSF/PHP

Tuesday, October 21, 2008

Usually, most security scenarios use WS-Addressing. But there are scenarios that uses security without WS-Addressing. Due to configuration  file settings, WSF/PHP works with WS-Security only when WS-Addressing is also used. However, by doing some simple changes to a couple of Xml files, you can get WSF/PHP to support some security scenario's that does not use WS-Addressing.

Here is what you need to do.

1. Step One.

Open the axis2.xml file found in was_c directory. In it,  change in inflow by adding another phase named Security as follows.

<phaseOrder type="inflow"> - <!-- System pre defined phases       -->

<phase name="Transport" />

<phase name="PreDispatch" />

<phase name="Dispatch" />

<phase name="PostDispatch" />

<!-- End system pre defined phases       -->

<!-- After PostDispatch phase, module or service author can add any phase as required  -->

<!-- User defined phases could be added here -->

<phase name="Security" />

<phase name="Rahas" />

<phase name="RMPhase" />


I have highlighted the line added in red.

2. Step two

Open the module.xml file found in wsf_c/modules/rampart/ directory and change the inflow elements phase name attribute from "PreDispatch" to "Security" as follows.

       <handler name="RampartInHandler" class="mod_rampart">
           <order phase="Security"/>

Again, I have highlighted the change.

That's all you need to do to get WS-Security to work without using WS-Addressing.

Note that,for this to work, you will have to have either SOAPAction or an element that matches the operation name in Soap Body. Of course there are some WS-Security scenarios that cannot work without WS-Addressing.

No comments: