Geek Answers Handbook

Adding authentication features to soap server (using Zend)?

I have a soap server that is created like this:

class ServerController extends Zend_Controller_Action
{
    public function serverAction()
    {
       memcache_flush();
       Zend_Registry::get('cache')->clean(Zend_Cache::CLEANING_MODE_ALL);

       $server = new SoapServer("http://####/services/soap-server/wsdl");
       $server->setClass('SOAP_Server_Map');
       $server->handle();
    }
}

I want to add authentication to it so that whenever someone makes a function call in " SOAP_Server_Map", he checks that the credentials provided in the SoapClient parameter array ("login" and "password") are valid.

Does anyone have any suggestions / help?

+5
source share
3 answers

To add authentication to Zend_Soap_Server or Zend_Json_Server, simply specify HTTP authentication in your HTTP server (i.e.: Apache) or the .htaccess file. The following .htaccess file should work:

AuthType Basic
AuthName "Supreme Data Services"
AuthUserFile /var/www/localhost/passwd
Require valid-user

, docroot . htpasswd, Apache. , .

(-), . Zend Framework , SOAP:

$client = new Zend_Soap_Client($wsdl, array('login' => $username, 'password' => $password));

JSONRPC:

$http = new Zend_Http_Client();
$http->setAuth($username, $password);
$client = new Zend_Json_Client($uri, $http);
+5

, :

, SOAP/ , , - , ?

Another way I'm going to solve is using API keys, for example, providing the key: ABCDKEY and having a URL like:

http: // #### / services / soap-server / ABCDKEY

This introduces security risks (magic link attack), but I saw how it is implemented in personalized RSS feeds, etc. Any comments?

0
source

More articles:


All Articles