Adding authentication functionality to soap server (Using Zend)?

Question

I have a soap server that is created like so:

class ServerController extends Zend_Controller_Action
{
    public function serverAction()
    {
       memcache_flush();
       Zend_Registry::get('cache')->clean(Zend_Cache::CLEANING_MODE_ALL);

       $server = new SoapServer("http://####/services/soap-server/wsdl");
       $server->setClass('SOAP_Server_Map');
       $server->handle();
    }
}

I want to add authentication to it so that whenever anyone makes a call to a function in "SOAP_Server_Map", it checks that the credentials supplied in the SoapClient options array('login' and 'password') are valid.

Does anyone have any suggestions/help?

Answer 1

To add authentication to either Zend_Soap_Server or Zend_Json_Server, simply specify the HTTP authentication in either your HTTP server (ie: Apache) config or .htaccess file. The following .htaccess file should work:

AuthType Basic
AuthName "Supreme Data Services"
AuthUserFile /var/www/localhost/passwd
Require valid-user

Make sure you keep your password file out of the docroot for security purposes. The password file can be made by using htpasswd that comes with Apache. Naturally, you can use more advanced authentication types.

In order to make use of the service(s), you must now specify a username and password when making a request. If you are using Zend Framework to create your client, you can do the following for SOAP:

$client = new Zend_Soap_Client($wsdl, array('login' => $username, 'password' => $password));

And the following for JSONRPC:

$http = new Zend_Http_Client();
$http->setAuth($username, $password);
$client = new Zend_Json_Client($uri, $http);