This page looks at developing PHP clients for both HTTP Basic Auth and Rampart enabled Grouper WS. One of the core requirements for Grouper WS security is to enable clients to authenticate both against Basic Auth and Rampart enabled Grouper WS. We used the WSO2 Web Services Framework for PHP (WSO2 WSF/PHP)to develop the PHP Clients. WSF/PHP is an open souce framework that supports a wide range of WS-* specification implementations. It can be downloaded at http://wso2.org/downloads/wsf/php/
HTTP Basic Authentication is only supported by WSF/PHP versions 1.3.0 and above so make sure that the latest version of WSF/PHP is installed.
The code below can be used to invoke the getGroupsLite method on a Basic Auth enabled Grouper WS:
<?php
// Request payload string and call the getGroupsLite method
$reqPayloadString = <<<XML
<ns1:getGroupsLite xmlns:ns1="http://soap.ws.grouper.middleware.internet2.edu/xsd"><ns1:param0>v1_3_000</ns1:param0>
<ns1:param1>$_GET[user]</ns1:param1>
<ns1:param2></ns1:param2>
<ns1:param3></ns1:param3>
<ns1:param4>All</ns1:param4>
<ns1:param5></ns1:param5>
<ns1:param6></ns1:param6>
<ns1:param7></ns1:param7>
<ns1:param8></ns1:param8>
<ns1:param9></ns1:param9>
<ns1:param10></ns1:param10>
XML;
try {
// Create message with request payload and options
$reqMessage = new WSMessage($reqPayloadString,
array("to" => "http://XXXXX/basicauthgrouper-ws/services/GrouperService",
"action" => "http://php.rampart.apache.org"));
// Create client with options
$client = new WSClient(array("useWSA" => FALSE,
"httpAuthUsername" => "Username",
"httpAuthPassword" => "Password",
"httpAuthType" => "Basic"));
// Send request and capture response
$resMessage = $client->request($reqMessage);
header("Content-Type: text/xml");
print_r($resMessage->str);
} catch (Exception $e) {
if ($e instanceof WSFault) {
printf("Soap Fault: %s\n", $e->Reason);
} else {
printf("Message = %s\n",$e->getMessage());
}
}
?>
|
WSO2/PHP doesn't contain a WSDL2JAVA tool so we can't a stub to make use of the policies defined in the WSDL. As such, the policy file that defines the security requirements of the service has to be on classpath of the client. The policy.xml used in this instance is shown below:
<?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:ExactlyOne> <wsp:All> <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Lax/> </wsp:Policy> </sp:Layout> </wsp:Policy> </sp:TransportBinding> <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" /> </wsp:Policy> </sp:SignedSupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> |
A client that calls the getGroupsLite method on the Rampart enabled Grouper WS with the exact set of parameters as the Java client is given below:
<?php
// Request payload string
$reqPayloadString = <<<XML
<ns1:getGroupsLite xmlns:ns1="http://webservicesRampart.grouper.middleware.internet2.edu/xsd"><ns1:param0>v1_3_000</ns1:param0>
<ns1:param1>$_GET[user]</ns1:param1>
<ns1:param2></ns1:param2>
<ns1:param3></ns1:param3>
<ns1:param4>All</ns1:param4>
<ns1:param5></ns1:param5>
<ns1:param6></ns1:param6>
<ns1:param7></ns1:param7>
<ns1:param8></ns1:param8>
<ns1:param9></ns1:param9>
XML;
try {
// Create message with request payload and options
$reqMessage = new WSMessage($reqPayloadString,
array("to" => "http://XXXXX/grouper-ws/services/GrouperService",
"action" => "http://php.rampart.apache.org"));
// Set up security options
$policy_xml = file_get_contents("policy.xml");
$policy = new WSPolicy($policy_xml);
$security_token = new WSSecurityToken(array("user" => "Username",
"password" => "Password",
"passwordType" => "Digest"));
// Create client with options
$client = new WSClient(array("useWSA" => FALSE,
"policy" => $policy,
"securityToken" => $security_token));
// Send request and capture response
$resMessage = $client->request($reqMessage);
header("Content-Type: text/xml");
print_r($resMessage->str);
} catch (Exception $e) {
if ($e instanceof WSFault) {
printf("Soap Fault: %s\n", $e->Reason);
} else {
printf("Message = %s\n",$e->getMessage());
}
}
?>
|
The important part of the above code is:
$policy_xml = file_get_contents("policy.xml");
$policy = new WSPolicy($policy_xml);
$security_token = new WSSecurityToken(array("user" => "Username",
"password" => "Password",
"passwordType" => "Digest"));
|
This indicates the location of policy.xml. It also provides the username/password in the form of a digest.
XML pagination is used to display the list of users/groups in a more consistent and presentable manner. For example, listgroups.php invokes the getsGroupsLite method, which in turn returns an XML array of groups. The XML array of groups is then presented in a more presentable manner using XML pagination techinques. A code snippet is given below:
//call getGroupsLite method and return an array of groups
$xml = simplexml_load_file("https://community.ncl.ac.uk/rampart/live/getgroups.php?user=$user");
//Total number of Groups
$totalGroups = $xml->xpath("//ns:name");
|
Both the listgroups.php and the pagination.class.php are provied in the Attachments section.
See Also
Newcastle University Intro Page