supported by the SOAPClient in 1.8. The whole mechanism is a bit more complex
to get around, a good description is in the PHP.net/SOAP documentation.
If you only want to do authentication though, i would suggest using HTTP Basic
Authentitaction, which is supported by the Zend_Soap_Client by the use of
setLogin/setPassword functions. On the server side you can intercept the HTTP
Auth data and parse it with Zend_Auth. For this I generate an Authentication
Proxy for SOAP that looks something like:
class SoapAuthProxy
{
protected $_realSubject;
public function __construct($realServerObject) {
$this->_realSubject = $realServerObject;
}
public function __call($method, $args) {
// do authentication here, HTTP Basic Auth with Zend_Auth and maybe
also do ACL
// redirect to real subject
return call_user_func_array(array($this->_realSubject, $method),
$args);
}
}
$object = new RealSubject();
$proxy = new SoapAuthProxy($object);
$soap = new Zend_Soap_Server(...);
$soap->setObject($proxy);
$soap->handle();
The soap request then first goes through the proxy and authenticates and then
hits the real subject and returns its results. The Proxy should throw an SOAP
Fault exception if authentication fails, so that the client can proberly
handle it.
greetings,
Benjamin
On Friday 06 February 2009 11:12:12 Dieter Devlieghere wrote:
> There is no Zend_Soap_Request object... Any recommendations for doing a
> similar thing with SOAP?
>
> Regards,
> Dieter
>
> -----Original Message-----
> From: Matthew Weier O'Phinney [mailto:matthew@zend.com]
> Sent: woensdag 4 februari 2009 19:25
> To: fw-webservices@lists.zend.com
> Subject: Re: [fw-webservices] Problem with Zend_XmlRpc_Client
>
> -- swilhelm <steve@studio831.com> wrote
>
> (on Wednesday, 04 February 2009, 09:25 AM -0800):
> > There were two specific things I wanted to do I found difficult with
> > Zend_REST and Zend_XmlRPpc:
> >
> > I wanted to secure the set method by having clients pass
>
> authentication
>
> > credientials with each call or have a login call that returned a
>
> session id
>
> > and have subsequent calls pass id. Acl would be perfect for this, but
>
> didn't
>
> > see any easy way to use it with either REST or XmlRpc.
>
> This is actually easy to do by extending the Zend_XmlRpc_Request object.
> What you can do in these cases is check to see if the method is for
> "logging in", and if not, strip the first or last parameter from the
> passed parameters and check it against the authentication session. As an
> example:
>
> class My_XmlRpc_Request extends Zend_XmlRpc_Request_Http
> {
> public function __construct()
> {
> parent::__construct();
>
> if ($this->getMethod() != 'login') {
> $params = $this->getParams();
> $token = array_shift($params);
> $this->setParams($params);
>
> // Verify the token, and then add it to the registry...
> Zend_Registry::set('token', $token);
> }
> }
> }
>
> Notice that I grab the parameters, remove an element, and then re-set
> them without that element -- that's the only magic that needs to happen.
> How you do the authentication or ACLs after that is up to you.
>
> Then, in the endpoint script where the XML-RPC server is created, also
> instantiate this class and add it to the server:
>
> $request = new My_XmlRpc_Request();
> $server->setRequest($request);
>
> > One set call where the body of the POST was an existing XML format
>
> dictated
>
> > by an existing client. In the wee hours of the morning, couldn't
>
> figure out
>
> > how to get REST or Xml Rpc to accept a XML post body from a client.
>
> Again, what you want to do here is to extend Zend_XmlRpc_Request (or the
> _Http variant); in ZF's XML-RPC implementation, that's where we do the
> parsing of the request into the requisite method and parameters. If the
> response also needs to be in a specific format, extend
> Zend_XmlRpc_Response (or the _Http variant), and override the saveXML()
> method to build the appropriate response payload. Just like with the
> request, you need to add the response object to the server prior to
> handling the request.
>
> These techniques work for all the server variants, by the way -- you can
> do the same with the REST or JSON servers.
>
> > Finally, had some Action control helpers for handling MySQL access and
> > Logging that I just found easier to access using standard Controller
> > behavior.
> >
> > If you have an example of REST or XmlRpc client and server that has
> > authenticated set call with a large JSON or XML data parameter from
>
> client,
>
> > I should would appreciate seeing it.
> >
> > Thanks in advance.
> >
> > - Steve W.
> >
> > Matthew Weier O'Phinney-3 wrote:
> > > -- swilhelm <steve@studio831.com> wrote
> > >
> > > (on Saturday, 31 January 2009, 10:37 PM -0800):
> > >> I just spent several frustrating hours trying to set up a Web
>
> service
>
> > >> using
> > >> first Zend_REST_Server and then Zend_XmlRpc_Server. Both turned out
>
> to be
>
> > >> to
> > >> limiting.
> > >
> > > Could you explain what you found limiting in the XML-RPC
>
> implementation?
>
> > > I'd be curious to what your issues may have been, and what
>
> improvements
>
> > > we might be able to make.
> > >
> > >> Eventually, I took Matthew O'Phinney's advice from
> > >> http://www.nabble.com/Our-REST-implementation-td10834932s16154.html
>
> this
>
> > >> discussion and used the standard MVC mechanisms and had the views
> > >> returned
> > >> well formatted XML data (I do eventually intend to leverage
>
> ContextSwitch
>
> > >> capability).
> > >>
> > >> - Steve W.
> > >>
> > >> anz_nabble wrote:
> > >> > Can anyone explain how to develop a simple webservice using xml
>
> rpc.
>
> > >> > I had done many searches and didn't find a useful one. I need to
>
> know
>
> > >> > which files are placed in which locations
> > >> >
> > >> > Any good tutorial?
> > >
> > > --
> > > Matthew Weier O'Phinney
> > > Software Architect | matthew@zend.com
> > > Zend Framework | http://framework.zend.com/
> >
> > --
> > View this message in context:
>
> http://www.nabble.com/Problem-with-Zend_XmlRpc_Client-tp21598685p2183523
> 9.html
>
> > Sent from the Zend Web Services mailing list archive at Nabble.com.
--
Benjamin Eberlei
http://www.beberlei.de
没有评论:
发表评论