How to require Authentication Soap Header in WSDL?

Question

I have created a web service in php using SOAPServer. It expects to see a SoapHeader UsernameToken with username and password elements. Everything actually works fine when I include this header in the request. Just by defining a method in the Soap handler class named "UsernameToken" this method is called and the stdClass Obj is passed to it. I can then validate user by $Obj->username and $Obj->password.

What I don't know is what to add to the WSDL file to first of all define this UsernameToken header and second how to indicate in WSDL that it is required?

I've read somewhere that new SOAP standard deprecated the notion of "required" header.

Any advice on how to at least indicate is my wsdl that request should include this header?

Answer 1

Long answer. See this post.

In the client you can use mustUnderstand attribute to indicate whether a header entry is mandatory or optional for the recipient to process. If the server can't or don't want process a mandatory header it must throw an SOAP Fault to the client.

Answer 2

Did you look at section 2.1.3 of http://www.w3.org/TR/wsdl. I also couldn't find anything of required becoming depricated.

Answer 3

Here is an example of a WSDL specifying the login: https://ws1.webservices.nl/soap_doclit?wsdl

<binding name="Webservices.nlBinding" type="tns:Webservices.nlPortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="login">
<soap:operation soapAction="https://ws1.webservices.nl/soap_doclit.php/login" style="document"/>
<input>
<soap:body use="literal"/>
<soap:header message="tns:Headers" part="HeaderLogin" use="literal"/>
<soap:header message="tns:Headers" part="HeaderAuthenticate" use="literal"/>
</input>