2001-09-14 22:13:45 +02:00
< HTML
>< HEAD
>< TITLE
2003-12-28 16:58:08 +01:00
> eGroupWare XML-RPC/SOAP Methodology
2001-09-14 22:13:45 +02:00
< /TITLE
>< META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.64
">< LINK
REL="NEXT"
TITLE=" Business layer requests
"
HREF="phpgw_server-1.html">< /HEAD
>< BODY
CLASS="ARTICLE"
>< DIV
CLASS="ARTICLE"
>< DIV
CLASS="TITLEPAGE"
>< H1
CLASS="TITLE"
>< A
NAME="AEN2"
2003-12-28 16:58:08 +01:00
>eGroupWare XML-RPC/SOAP Methodology< /A
2001-09-14 22:13:45 +02:00
>< /H1
>< H3
CLASS="AUTHOR"
>< A
NAME="AEN4"
>< /A
>< /H3
>< HR > < /DIV
>< DIV
CLASS="SECT1"
>< H1
CLASS="SECT1"
>< A
NAME="AEN8"
>System level requests< /A
>< /H1
>< DIV
CLASS="SECT2"
>< H2
CLASS="SECT2"
>< A
NAME="AEN10"
>Login and authentication< /A
>< /H2
>< P
2003-12-28 16:58:08 +01:00
> Authentication for user logins is handled internally no differently than for the typical eGroupWare login via web browser. Server logins, added for XML-RPC and SOAP, are only slightly different. For either protocol, user and server login and authentication and subsequent requests are handled by their respective server apps, xmlrpc.php and soap.php. A server is identified by a custom HTTP header, without which a normal user login will be undertaken.
2001-09-14 22:13:45 +02:00
< /P
>< P
> A client or server sends the appropriate XML-RPC or SOAP packet containing host, user, and password information to the phpgw server. The server then assigns a sessionid and key, which is returned to the client in the appropriate format.
< /P
>< P
> Our current method for authenticating requests after successful login is via the Authorization: Basic HTTP header to be sent by the client or requesting server. The format of this header is a base64 encoding of the assigned sessionid and kp3 variables, seperated by a ':'.
< /P
>< P
> Further security may be obtained by using SSL on the client and server. In the future, we may encrypt/descrypt the data on either end, or at least provide this as an option. The sessionid and key variables will make this possible, and relatively secure.
< /P
>< DIV
CLASS="SECT3"
>< H3
CLASS="SECT3"
>< A
NAME="AEN16"
>system.login< /A
>< /H3
>< P
> The first request a client will make is the system.login method. Here is a sample of a server login packet in XML-RPC:
< /P
>< TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
>< TR
>< TD
>< PRE
CLASS="PROGRAMLISTING"
>< ?xml version="1.0"?>
< methodCall>
< methodName> system.login< /methodName>
< params>
< param>
< value> < struct>
< member> < name> server_name< /name>
< value> < string> my.host.name< /string> < /value>
< /member>
< member> < name> username< /name>
< value> < string> bubba< /string> < /value>
< /member>
< member> < name> password< /name>
< value> < string> gump< /string> < /value>
< /member> < /struct> < /value>
< /param>
< /params>
< /methodCall>
< /PRE
>< /TD
>< /TR
>< /TABLE
>< P
> And the same in SOAP:
< /P
>< TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
>< TR
>< TD
>< PRE
CLASS="PROGRAMLISTING"
>< ?xml version="1.0"?>
< SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:si="http://soapinterop.org/xsd"
xmlns:ns6="http://soapinterop.org" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
< SOAP-ENV:Body> < ns6:system_login>
< server_name xsi:type=":string"> my.host.name< /server_name>
< username xsi:type=":string"> bubba< /username>
< password xsi:type=":string"> gump< /password>
< /ns6:system_login>
< /SOAP-ENV:Body>
< /SOAP-ENV:Envelope>
< /PRE
>< /TD
>< /TR
>< /TABLE
>< P
> The same style of packet would be required for a user/client login. A successful login should yield the following reply:
< /P
>< TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
>< TR
>< TD
>< PRE
CLASS="PROGRAMLISTING"
>< methodResponse>
< params>
< param>
< value> < struct>
< member> < name> sessionid< /name>
< value> < string> cf5c5534307562fc57915608377db007< /string> < /value>
< /member>
< member> < name> kp3< /name>
< value> < string> 2fe54daa11c8d52116788aa3f93cb70e< /string> < /value>
< /member>
< /struct> < /value>
< /param>
< /params>
< /methodResponse>
< /PRE
>< /TD
>< /TR
>< /TABLE
>< P
> And a failed login:
< /P
>< TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
>< TR
>< TD
>< PRE
CLASS="PROGRAMLISTING"
>< methodResponse>
< params>
< param>
< value> < struct>
< member> < name> GOAWAY< /name>
< value> < string> XOXO< /string> < /value>
< /member>
< /struct> < /value>
< /param>
< /params>
< /methodResponse>
< /PRE
>< /TD
>< /TR
>< /TABLE
>< P
> eqweqw
< /P
>< /DIV
>< DIV
CLASS="SECT3"
>< H3
CLASS="SECT3"
>< A
NAME="AEN27"
>system.logout< /A
>< /H3
>< P
> Logout:
< /P
>< TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
>< TR
>< TD
>< PRE
CLASS="PROGRAMLISTING"
>< ?xml version="1.0"?>
< methodCall>
< methodName> system.logout< /methodName>
< params> < param>
< value> < struct>
< member> < name> sessionid< /name>
< value> < string> ea35cac53d2c12bd05caecd97304478a< /string> < /value>
< /member>
< member> < name> kp3< /name>
< value> < string> 4f2b256e0da4e7cbbebaac9f1fc8ca4a< /string> < /value>
< /member>
< /struct> < /value>
< /param>
< /params>
< /methodCall>
< /PRE
>< /TD
>< /TR
>< /TABLE
>< P
> Logout worked:
< /P
>< TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
>< TR
>< TD
>< PRE
CLASS="PROGRAMLISTING"
>< methodResponse>
< params>
< param>
< value> < struct>
< member> < name> GOODBYE< /name>
< value> < string> XOXO< /string> < /value>
< /member>
< /struct> < /value>
< /param>
< /params>
< /methodResponse>
< /PRE
>< /TD
>< /TR
>< /TABLE
>< /DIV
>< /DIV
>< /DIV
>< /DIV
>< DIV
CLASS="NAVFOOTER"
>< HR
ALIGN="LEFT"
WIDTH="100%">< TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
>< TR
>< TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
> < /TD
>< TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> < /TD
>< TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>< A
HREF="phpgw_server-1.html"
>Next< /A
>< /TD
>< /TR
>< TR
>< TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
> < /TD
>< TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> < /TD
>< TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Business layer requests< /TD
>< /TR
>< /TABLE
>< /DIV
>< /BODY
>< /HTML
2003-12-28 16:58:08 +01:00
>
