?xsd is an standard option to serve an xsd file imported within a wsdl. This was a missing feature in WSF/PHP. In WSF/PHP automatic wsdl generation, it does not generate additional xsds which are imported by the wsdl and hence this option would not be required. However, with wsdl mode, you could have additional xsds imported in the wsdl. Now you can obtain these xsds with the option ?xsd=xsdfilename.xsd.
Friday, December 31, 2010
Thursday, December 30, 2010
WSF/PHP has two modes of operations. When using wsdl mode, you will always start with a wsdl and hence, that wsdl will be served for ?wsdl request. On the other hand, you can write a service with annotations and the corresponding wsdl will be generated for you. However, when using the xml-in-out mode with WSMessage object as the input and output parameter for the operation, its better to be able to serve a wsdl that is saved in the server since auto generated wsdl’s schema might not match the operation accepted xml.
Getting this done is quite simple. all you need to do is to set the option “omitProcesswsdl” in WSService operations array to true.
$opParams = array("testFunction"=>"WSMESSAGE");
$service = new WSService(array( "wsdl"=>"mystaticwsdl.wsdl",
Monday, July 5, 2010
We are pleased to announce the release of v2.1.0 of wso2 wsf/php. This release comes after quite some time since the 2.0.0 release was back in late 2008. Since then a lot of changes have token place in the underlying code base of WSF/PHP. The WS-Security handling has been improved and updated and that functionality is now available with this release of WSF/PHP. In addition to that, this release is built and tested for PHP 5.3. Many users have been querying about a PHP 5.3 compatible release for a while and with this release, all the issues users had with installing and running on php 5.3 will be solved.
You can download the release from http://wso2.org/downloads/wsf/php.
You can find the complete release note here.
Enjoy WSO2 WSF/PHP 2.1.0.
Friday, May 21, 2010
Using WS-Security Username Token alone with Transport level security, HTTPS, is quite common. By default, Username token is used with WS-Security Signature. Lets look at how to configure WS-Security Username Token with WSF/PHP.
Since, by default, WSF/PHP tries to sign the username token credentials, you would need to specify client certificate and the private key for configuring Username Token.
$security_options = array("useUsernameToken" => TRUE );
$policy = new WSPolicy(array("security" => $security_options));
$security_token = new WSSecurityToken(array("user" => "Raigama",
"password" => "RaigamaPW",
"passwordType" => "Digest",
"privateKey" => $my_key,
"certificate" => $my_cert));
I have copied a code snippet from the username token sample. As you can see, we are only configuring username token by using the option useUsernameToken in the policy configuration. However, for the WSSecurityToken configuration, I have passed both the “privateKey” option and “certificate” option. The private key refer to the client’s private key and certificate refer to client’s certificate which contains the public key of the client. This is because, by default, UsernameToken uses signature to enhance security of username token.
Often you would need to use https transport and plaintext username password instead of a signed username token. You can easily enable this option by specifying a policy file and an empty transportBinding element within it as follows.
Now create the WSPolicy object by using the policy file.
$policy = new WSPolicy($policy_string);
In the WSClient options change “to” endpoint from “http” to “https” and specify the “CACert” option.
Create a Certificate Authority, CA.
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Now we have a certificate authority certificate to sign the certificate for the server.
Generate a key for the server.
openssl genrsa -des3 -out server.key 4096
Generate a certificate signing request
openssl req -new -key server.key -out server.csr
Optional step : remove the passphrase from the key
Rename server.key to server.key.bac.
openssl rsa -in server.key.bac -out server.key
Sign the generated key with certificate authority
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Now we have the necessary keys and certificates to configure Apache2.2 server to enable https
copy the generated keys, certificates to a directory named keys under the conf directory.
Uncomment ssl module and ssl configuration file in httpd.conf.
LoadModule ssl_module modules/mod_ssl.so
configure https in httpd-ssl.conf file located in conf/extra directory. Use the default settings and specify the following Files to match your local settings.
SSLVerifyClient and SSLVerifyDepth options would only be required, if you want the client to authenticate to the server using a certificate and a passphrase.
Now you have successfully configured https for your server.
When connecting to the server, you can obtain the servers certificate by using openssl.
openssl s_client –connect localhost:443 > scert.pem
Now open the scert.pem and remove the unnecessary. Only the content within the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- needed for the certificate. You certificate would look like
Now we can connect to a service deployed in Apache server using https and consume it.
$client = new WSClient(array(“to”=>”https://localhost/webservices/service1.php”,
$response = $client->request($input);
Much more detailed discussion on implementing https alone with Axis2/C is available here.