Collecting/Processing headers in PHP Soap Server

Question

I'm creating a web service using PHP5's native SOAP Methods. Everything went fine until I tried to handle authentication using SOAP Headers.

I could easily find how to add the username/password to the SOAP headers, client-side:

$myclient = new SoapClient($wsdl, $options);

$login = new SOAPHeader($wsdl, 'email', 'mylogin');
$password = new SOAPHeader($wsdl, 'password', 'mypassword');
$headers = array($login, $password);

$myclient->__setSOAPHeaders($headers);

But I can't find anywhere the methods for collecting and processing these headers server-side. I'm guessing there has to be an easy way to define a method in my SoapServer that handles the headers...

Answer 1

With a modern PHP version it is NOT necessary to add anything to the WSDL as the headers are part of the SOAP Envelope specification.

The user contributed example cited by Paul Dixon does not work simply because the header is not UserToken as written in the comment, the header is Security, so that's is the name the class method should have. Then you get a nice stdClass object with a UserToken stdClass object property that has Username and Password as properties.

Example code (to be inserted in a PHP class that implements the SOAP service:

   public function Security( $header  ){
      $this->Authenticated = true; // This should be the result of an authenticating method
      $this->Username = $header->UsernameToken->Username;
      $this->Password = $header->UsernameToken->Password;
    }

Works like a charm for Username/Password based WSSE Soap Security

Answer 2

SoapClient uses the username and password to implement HTTP authentication. Basic and Digest authentication are support (see source)

For information on implementing HTTP authentication in PHP on the server side, see this manual page.

If you don't want to use HTTP authentication, see this user-contributed sample on the SoapServer manual page which shows how you could pass some credentials in a UsernameToken header.