PHP :: Bug #47761 :: Since 5.2.9 SoapClient no longer attempts Basic auth to retrieve a WSDL file

Bug #47761

Since 5.2.9 SoapClient no longer attempts Basic auth to retrieve a WSDL file

Submitted:

2009-03-24 13:53 UTC

Modified:

2009-10-07 01:00 UTC

Votes:	6
Avg. Score:	4.8 ± 0.4
Reproduced:	5 of 5 (100.0%)
Same Version:	4 (80.0%)
Same OS:	3 (60.0%)

From:

marques at displague dot com

Assigned:

Status:

No Feedback

Package:

SOAP related

PHP Version:

5.2.9

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	marques at displague dot com
New email:
PHP Version:		OS:

New Comment:

[2009-03-24 13:53 UTC] marques at displague dot com

Description:
------------
Since 5.2.9, SoapClient no longer attempts HTTP Basic authentication to retrieve a wsdl file.

Prior to this version Basic was attempted and Digest was not.  Digest should also be attempted but that is a matter for another bug.  The SoapClient option 'authentication' has no effect on wsdl retrieval.

A work-around is to fetch the WSDL file manually or via PHP commands within the SOAP code, but that method can be cumbersome because digest auth code has to be written from scratch and Bug #47759 (chunk encoding) can get in the way.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-08-06 22:02 UTC] sriram dot natarajan at gmail dot com

why is there still a need to support basic authentication ? can u kindly explain that scenario ?

[2009-08-07 03:52 UTC] marques at displague dot com

One scenario, you are making your own SOAP Server service.  It is  more difficult to write a digest auth server than it is to write a basic auth server.  Again, consider that PHP web requests are all made as HTTP/1.0 because Chunk decoding is not handled properly (or at all) and so Digest, which is HTTP/1.1 specific is technically not an option without a good deal of custom coding.

Aside from that, I imagine there are just some HTTP/1.0 or Basic only servers out there.

[2009-09-29 11:20 UTC] sjoerd@php.net

Thank you for your bug report.

How did you try to pass the username and password to the SOAP client? Please try putting them in the URL, like this:
http://user:pass@www.example.com/service.wsdl

[2009-10-07 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2012-02-08 05:31 UTC] clockwerx@php.net

$ php -v
PHP 5.2.17-0.dotdeb.0 with Suhosin-Patch 0.9.7 (cli) (built: Jan  7 2011 
07:47:48)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies

Doing:

<?php
$wsdl = ...;

$soapOptions = array(
    'login' => '...',
    'password' => '...',
    'trace' => 1,
    'exceptions' => true,
);
$code_table_client = new RPDesktopCodeTableSoapClient(new SoapClient($wsdl, 
$soapOptions));

The basic auth works for the initial connection, but other components of the 
WSDL that are being referred to don't load the credentials.

[2012-02-08 05:38 UTC] clockwerx@php.net

See https://gist.github.com/1765797

The WSDL depicted there is behind a load balancer which deals with the SSL bits - it's actually served 
over https.

While the initial basic auth works, further requests don't appear to.

I suspect>
 1. WSDL loaded over HTTPS with HTTP Basic Auth
 2. WSDL points to a http address with a port, which is not recognised as the same site
 3. A new request is made to grab the xsd bits
 4. The server redirects http to https

Expected:
At step 4, the http basic auth credentials are used

Actual:
SoapFault exception: [WSDL] SOAP-ERROR: Parsing Schema: can't import schema from 
'http://*****:80/codetable-service/CodeTableService?xsd=3' in settings.php:82
Stack trace:
#0 settings.php(82): SoapClient->SoapClient('https://****...', Array)
#1 ettings.php(2): require('...')
#2 {main}

Warning: SoapClient::SoapClient(http://****:80/codetable-service/CodeTableService?xsd=3) 
[soapclient.soapclient]: failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized in 
settings.php on line 82

Warning: SoapClient::SoapClient() [soapclient.soapclient]: I/O warning : failed to load external entity 
"http://****:80/codetable-service/CodeTableService?xsd=3" in settings.php on line 82

[2012-02-09 00:02 UTC] clockwerx@php.net

Further exploration of this issue, after ensuring everything is running happily 
on https:


Configuring a URI of https://name/path/to/wsdl

and receiving a WSDL with 
https://name:443/path/to/WSDL/bit

... fails to trigger the authentication.

Evidently, "https://name:443" and "https://name" are considered different URIs, 
even if they are equivalent.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC