Use Web services in PHP5 to access J2EE applications (4)

Source: Internet
Author: User
Handle SOAP errors

What if an error occurs when running the client? Like other languages (such as Java), PHP 5 adds an exception mechanism. Ext/soap uses this new mechanism to return errors in the form of SoapFault objects. For example, you can wrap the code in the following form:

try {
    // ... some SOAP operation
} catch (SoapFault $soapFault) {
    echo $soapFault;
}
Note: Unlike Java, try-catch blocks in PHP cannot contain finally clauses.

SoapFault can be generated locally. For example, assume that the startDate parameter of getForecast is incorrect. The output of the client is:

SoapFault exception: [SOAP-ENV:Client]
SOAP-ERROR: Encoding: object hasn't 'startdate' property in WeatherClientEJB.php:32
Stack trace:
#0 WeatherClientEJB.php(32): SoapClient->getForecast('getforecast', Array)
#1 WeatherClientEJB.php(73): displayForecast(Array)
#2 {main}

Note that there is no trace output because no request is sent. SOAP-ENV:Client is one of the values that the SOAP specification defines for the faultcode field of the Fault body element.

This SoapFault is generated when ext/soap itself detects an error, so no SOAP message is sent. However, a SoapFault can also report an error found on the server. For example, modify the code to set the value of startDate to "badDateString". This is not a valid ISO 8601 string, but ext/soap does not check the format it is given. It simply sends the message to the server, and the server rejects the request:

Request:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ns1="http://session.itso">
  <SOAP-ENV:Body>
    <ns1:getForecast>
      <ns1:startDate>badDateString</ns1:startDate>
      <ns1:days>2</ns1:days>
    </ns1:getForecast>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Response:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <Fault xmlns="http://schemas.xmlsoap.org/soap/envelope/">
      <faultcode xmlns="">Server.generalException</faultcode>
      <faultstring xmlns="">
        <![CDATA[java.lang.NumberFormatException:
        WSWS3046E: Error: Invalid date/time: badDateString]]>
      </faultstring>
      <detail xmlns=""/>
    </Fault>
  </soapenv:Body>
</soapenv:Envelope>

SoapFault exception: [Server.generalException] java.lang.NumberFormatException:
WSWS3046E: Error: Invalid date/time: badDateString in WeatherClientEJB.php:32
Stack trace:
#0 WeatherClientEJB.php(32): SoapClient->getForecast('getforecast', Array)
#1 WeatherClientEJB.php(73): displayForecast(Array)
#2 {main}

This time the SOAP request reaches the server but is rejected because the date format is invalid. The WeatherForecastEJB implementation throws a java.lang.NumberFormatException, which is returned as the Fault body element in the SOAP response and reported to the client as a SoapFault exception.
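
The two failures above suggest two client-side measures: check the date format before sending, and keep the raw fault text (Java exception names, message IDs, file paths) out of what end users see. The following is an added example, not code from the original article; the function names and messages are assumptions, and the dates and faults are constructed samples.

```php
<?php
// Added example (not from the original article). Requires ext/soap for SoapFault.

/** Accept only a strict ISO 8601 calendar date such as 2005-02-14. */
function isIsoDate(string $s): bool
{
    $d = DateTime::createFromFormat('!Y-m-d', $s);
    // Re-formatting rejects values PHP would silently roll over (e.g. 2005-02-30).
    return $d !== false && $d->format('Y-m-d') === $s;
}

/** Split a fault into a message safe to display and a detail line for the log. */
function describeFault(SoapFault $f): array
{
    $code  = (string) $f->faultcode;              // may be prefixed: "SOAP-ENV:Client"
    $pos   = strrpos($code, ':');
    $local = $pos === false ? $code : substr($code, $pos + 1);
    // Client.* means the request was at fault; everything else is treated as server-side.
    $clientFault = stripos($local, 'Client') === 0;
    return [
        'kind'   => $clientFault ? 'client' : 'server',
        'public' => $clientFault
            ? 'The request was not valid and was not accepted.'
            : 'The weather service could not process the request.',
        // Exception class names, message IDs and file paths stay in the log.
        'log'    => sprintf('[%s] %s', $code, $f->getMessage()),
    ];
}

// Constructed inputs modelled on the two failures described above.
foreach (['2005-02-14', '2005-02-30', 'badDateString'] as $date) {
    printf("%-14s %s\n", $date, isIsoDate($date) ? 'send' : 'reject before sending');
}
$faults = [
    new SoapFault('Client', "SOAP-ERROR: Encoding: object has no 'startDate' property"),
    new SoapFault('Server.generalException',
        'java.lang.NumberFormatException: WSWS3046E: Error: Invalid date/time: badDateString'),
];
foreach ($faults as $fault) {
    $info = describeFault($fault);
    error_log($info['log']);                      // full detail, for operators only
    echo $info['kind'], ': ', $info['public'], "\n";
}
```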

Protect Web services

We have examined three security methods and how to use them in PHP:

Basic HTTP authentication

If the HTTP server requires the client to authenticate, it requests a user ID and password by adding an authentication-required (WWW-Authenticate) header to its response. Before it can proceed, the client must reply with a request that contains the Authorization HTTP header.

HTTP authentication requests usually target Web servers rather than Web service providers. The authentication-required header is passed to the browser, which prompts for the user ID and password in a pop-up dialog box and then sends the user's response to the Web server in the HTTP Authorization header. This is easy to implement in a PHP script: use the header() function to send the required HTTP header fields. For example:

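if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Weather"');
    header('HTTP/1.0 401 Unauthorized');
    exit; // stop here so the welcome line is not sent with the challenge
}
// Escape the user-supplied name before writing it into the page.
echo "Welcome " . htmlspecialchars($_SERVER['PHP_AUTH_USER']);

This process is described in detail in the chapter on HTTP authentication with PHP in the PHP Manual.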

You may also encounter Web services whose providers require the PHP Web service client to authenticate over HTTP. ext/soap provides a simple way to send the HTTP Authorization request header, through the options array passed to the SoapClient constructor:

$soapClient = new SoapClient("http://localhost:9080/" .
    "ItsoWebService2RouterWeb/wsdl/itso/session/WeatherForecastEJB.wsdl",
    array('login'    => "userid",
          'password' => "password"));

However, basic HTTP authentication is not considered a safe way to authenticate users (unless it is combined with an external security system such as SSL), because the user name and password travel over the network in plain text. HTTP Digest authentication improves on this by using an encrypted password, but not all browsers support it. In addition, the PHP header() function only supports basic authentication.
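
The server-side snippet above only tests whether a user name was sent. The following added example (not code from the original article) shows one way to verify the credentials and to refuse them when the request did not arrive over SSL; the function name, the user store and the sample requests are constructed for illustration.

```php
<?php
// Added example (not from the original article).

/**
 * Returns the authenticated user name, or null when a 401 challenge is due.
 * $server has the shape of $_SERVER; $users maps name => password_hash() output.
 */
function authenticateBasic(array $server, array $users): ?string
{
    // Basic credentials are only base64-encoded: never accept them over plain HTTP.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === '' || $https === 'off') {
        return null;
    }
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return null;
    }
    // Unknown users are checked against a dummy hash so that response time
    // does not reveal which account names exist.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $known = array_key_exists($user, $users);
    $valid = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($known && $valid) ? $user : null;
}

// Constructed user store and requests for demonstration.
$users = ['userid' => password_hash('password', PASSWORD_DEFAULT)];
$requests = [
    'no credentials'   => ['HTTPS' => 'on'],
    'plain HTTP'       => ['PHP_AUTH_USER' => 'userid', 'PHP_AUTH_PW' => 'password'],
    'wrong password'   => ['HTTPS' => 'on', 'PHP_AUTH_USER' => 'userid', 'PHP_AUTH_PW' => 'guess'],
    'valid over HTTPS' => ['HTTPS' => 'on', 'PHP_AUTH_USER' => 'userid', 'PHP_AUTH_PW' => 'password'],
];
foreach ($requests as $label => $server) {
    $who = authenticateBasic($server, $users);
    // In a web script: on null, send WWW-Authenticate with a 401 status and exit.
    printf("%-18s %s\n", $label, $who === null ? '401 challenge' : "welcome $who");
}
```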

SSL (Secure Socket Layer)

A more secure protocol is HTTPS (HTTP over SSL), which uses SSL to encrypt HTTP messages. SSL works on the transport layer and does not understand HTTP or SOAP. Therefore, it cannot encrypt only the sensitive components in the message, but must encrypt the entire message. HTTPS can be used between a browser and a Web server, or between a Web server and a Web service provider.

If OpenSSL is compiled and enabled, PHP supports HTTPS. For more information about how to use SSL in PHP scripts, see the OpenSSL chapter in the PHP Manual.

What about identity authentication? With SSL, one party can send a security certificate, which the other party can accept or reject. This works well when the client needs to verify the Web service provider (as in e-commerce applications). However, if the Web service itself provides access to sensitive information, the Web service provider still needs to verify each client. Certificate-based authentication is not suitable here: there may be many clients, the set of clients changes dynamically, and it is unrealistic to distribute an appropriate certificate to each of them in advance.

WS-Security

The WS-Security standard takes a different approach to Web service security. The security controls examined so far operate outside the SOAP protocol. WS-Security instead implements security controls by adding security headers to the SOAP message. For example, for WS-Security basic authentication (which is different from HTTP basic authentication), the following elements appear in the SOAP header:

<wsse:UsernameToken>
  <wsse:Username>userid</wsse:Username>
  <wsse:Password>password</wsse:Password>
</wsse:UsernameToken>

This is only a simple example. The full set of security extensions is comprehensive and covers not only authentication but also integrity and confidentiality.

Currently, ext/soap does not provide good support for WS-Security. If you want to send and receive WS-Security headers in PHP, you must work with the lower-level interface and create the SOAP headers explicitly. So far, the examples have used the ext/soap WSDL mode. There is also a non-WSDL mode that gives you control over the entire SOAP message, at the cost of much more work in your code. You can use the SoapHeader, SoapParam, and SoapVar classes to create messages, and then use SoapClient::__call to send SOAP requests and receive responses. Without built-in support, writing the Web service security extensions (or other advanced specifications such as WS-Transactions) in PHP is a very difficult task, and we do not attempt it in this article.
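
For the simple UsernameToken case shown above, the non-WSDL approach looks like this. It is an added example, not code from the original article: the endpoint https://service.example/..., the credentials, and the CapturingSoapClient, usernameTokenHeader and newWeatherClient names are assumptions, and the client records the envelope instead of sending it so that the script runs offline. It calls __soapCall, the current name for the __call method mentioned in the text.

```php
<?php
// Added example (not from the original article). Requires ext/soap.
const WSSE_NS = 'http://docs.oasis-open.org/wss/2004/01/'
              . 'oasis-200401-wss-wssecurity-secext-1.0.xsd';

/** Records the outgoing envelope instead of sending it, so the script runs offline. */
class CapturingSoapClient extends SoapClient
{
    public $lastEnvelope = '';

    public function __doRequest($request, $location, $action, $version, $oneWay = false): ?string
    {
        $this->lastEnvelope = $request;
        // Constructed minimal SOAP 1.1 reply so the call returns normally.
        return '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
             . '<SOAP-ENV:Body><getForecastResponse/></SOAP-ENV:Body></SOAP-ENV:Envelope>';
    }
}

function usernameTokenHeader(string $user, string $password): SoapHeader
{
    // Escape both values: the XML below is spliced into the envelope as-is.
    $esc = static function (string $s): string {
        return htmlspecialchars($s, ENT_XML1 | ENT_QUOTES, 'UTF-8');
    };
    $xml = '<wsse:Security xmlns:wsse="' . WSSE_NS . '"><wsse:UsernameToken>'
         . '<wsse:Username>' . $esc($user) . '</wsse:Username>'
         . '<wsse:Password>' . $esc($password) . '</wsse:Password>'
         . '</wsse:UsernameToken></wsse:Security>';
    return new SoapHeader(WSSE_NS, 'Security', new SoapVar($xml, XSD_ANYXML), true);
}

function newWeatherClient(string $location, string $user, string $password): CapturingSoapClient
{
    // The token carries the password in clear text, so require SSL underneath.
    if (strtolower((string) parse_url($location, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('UsernameToken requires an https endpoint');
    }
    $client = new CapturingSoapClient(null, ['location' => $location, 'uri' => 'http://session.itso']);
    $client->__setSoapHeaders(usernameTokenHeader($user, $password));
    return $client;
}

// Placeholder endpoint and credentials; the password contains XML metacharacters on purpose.
$client = newWeatherClient('https://service.example/WeatherForecastEJB', 'userid', 'p&ss<word');
$client->__soapCall('getForecast', [new SoapParam('2005-02-14', 'startDate'), new SoapParam(2, 'days')]);
echo $client->lastEnvelope, "\n";
```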

Conclusion

The PHP SOAP extension is not difficult to use. However the server is implemented, a PHP script needs only a few lines of code to access a simple Web service. As usual, PHP is very easy to use. This article mainly discusses how to use the SoapClient class to access existing Web services on heterogeneous networks. ext/soap also provides the SoapServer class for deploying Web services, which is just as intuitive.

For more complex interactions, the current version of ext/soap offers little help. The mapping from the XML schema to PHP is sometimes unclear and can only be verified by testing or by studying the source code. If you want to use a more advanced Web service protocol, the only option is to study the non-WSDL mode in depth and create the SOAP headers in your own script. However, this is tedious and error-prone.

An important claim for Web services is interoperability between different platforms, operating systems, and programming languages. The independent WS-I (Web Services Interoperability) Organization provides a test package for verifying conformance to its Basic Profile, and we would like to see ext/soap reach the point where it can demonstrate that conformance. We also hope that ext/soap will continue to develop and become a mainstream PHP extension.
