Implementing SOAP on cakePHP
4 : Security
I have recently (last week) started using cakePHP. I chose cake because it works with AMFPHP and because I thought cake had built-in support for web services (including soap). I'm not complaining, but I was somewhat disappointed to find out that support for web services is limited to routing, which I could not get to work anyway...
Let me start by saying that I do not have a tested method for securing my soap; however, I do have some ideas.
Using my previous example, you could add HTTP authentication to the soap call by adding a user name and password to the SoapClient.
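// "login" and "password" make SoapClient send HTTP Basic credentials with each call.
$client = new SoapClient("http://ftc/soap5/wsdl/NotesController/",
    array(
        "login"    => "admin",
        "password" => "adminpwd",
        // Map the WSDL type Note_vo onto the PHP class of the same name.
        "classmap" => array("Note_vo" => "Note_vo")
    )
);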
Then, when you do your authentication, check $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] for a valid user.
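One way to implement the server-side check described above, as an added example that is not the article's own code. The function name soapBasicAuthUser(), the $users store and the realm string are assumptions made for illustration; the credentials are the sample ones from the client call.

```php
<?php
// Added example, not the article's code. soapBasicAuthUser() and $users are
// hypothetical names; the credentials are the sample ones from the article.

// Constructed user store: user name => password hash. A real application
// would load hashes created at account setup from its user table.
$users = ['admin' => password_hash('adminpwd', PASSWORD_DEFAULT)];

/**
 * Return the authenticated user name, or null when the request must be
 * rejected. $server is $_SERVER, passed in so the check can be exercised
 * with constructed requests.
 */
function soapBasicAuthUser(array $server, array $users): ?string
{
    // Basic credentials are only base64-encoded: refuse them over plain HTTP.
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return null;
    }
    if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return null;
    }
    // Unknown users are verified against a throwaway hash so that response
    // time does not reveal which user names exist.
    static $dummy = null;
    $dummy = $dummy ?? password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $user  = $server['PHP_AUTH_USER'];
    $known = array_key_exists($user, $users);
    $valid = password_verify($server['PHP_AUTH_PW'], $known ? $users[$user] : $dummy);

    return ($known && $valid) ? $user : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed requests exercising the check from the command line.
    $good = ['HTTPS' => 'on', 'PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => 'adminpwd'];
    var_dump(soapBasicAuthUser($good, $users));                               // valid credentials
    var_dump(soapBasicAuthUser(['PHP_AUTH_PW' => 'wrong'] + $good, $users));  // wrong password
    var_dump(soapBasicAuthUser(['HTTPS' => 'off'] + $good, $users));          // plain HTTP
} elseif (soapBasicAuthUser($_SERVER, $users) === null) {
    // Challenge the client and stop before any SOAP method is dispatched.
    header('WWW-Authenticate: Basic realm="soap"', true, 401);
    exit;
}
// Authenticated: hand the request to SoapServer::handle() from here.
```

Under some CGI/FastCGI setups PHP_AUTH_USER and PHP_AUTH_PW are not populated unless the Authorization header is forwarded to PHP, in which case this check rejects every request.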
Conclusion
Code
I will be posting all code and usage instructions in the next couple days.
I just ran into this site:
http://instantsvc.toolslave.net
It looks like a pretty sweet library for serving soap and wsdl. Once again it is php5 only... But if the cake core was to include soap support, this could be a good place to start.
Comments
Comment
1 Fantastic
One comment about security: I've noticed that a lot of the public web services and APIs have a login method which returns a "session id" which is then used on every other method. This helps as the login method can be done over SSL and the rest of them will be faster done over normal HTTP. In that way the username and password are not transferred in clear text over HTTP.
Comment
2 Nice
I've also implemented some SOAP services using CakePHP. But I have a slightly different way to do it.
First of all I made the wsdl files manually (using Eclipse tools). It's quite important for me to have full control over my wsdl files.
Each SOAP service (port) has its own controller, called soap_service_name_controller, and there is a route to each soap service and wsdl file defined in the `routes.php`.
It's a simple way to link SOAP services defined in the wsdl file with cake controllers.
When I find some spare time I will put an article describing my way of implementing SOAP services.
Question
3 Code and usage instructions
Comment
4 Example request
Can you post your way of doing SOAP service on top of cakePHP? Would be interested to see that.