Here‘s my solution to make SOAP-headers based authentication.

1). First of all we define the decorator class for our service class:

<?php

class SOAP_Service_Secure
{
    protected $class_name    = ‘‘;
    protected $authenticated = false;

    // -----

    public function __construct($class_name)
    {
        $this->class_name = $class_name;

    }

    public function AuthHeader($Header)
    {
        if($Header->username == ‘foo‘ && $Header->password == ‘bar‘)
            $this->authenticated = true;

    }

    public function __call($method_name, $arguments)
    {
        if(!method_exists($this->class_name, $method_name))
            throw new Exception(‘method not found‘);

        $this->checkAuth();

        return call_user_func_array(array($this->class_name, $method_name), $arguments);

    }

    // -----

    protected function checkAuth()
    {
        if(!$this->authenticated)
            HTML_Output::error(403);

    }

}
?>

2). Then we pass an instance of it to the SoapServer object.

<?php

    $Service = new SOAP_Service_Secure(‘My_Service‘);

    $Server = new SoapServer(‘my-service.wsdl‘);

    $Server->setObject($Service);

    $Server->handle();

?>

3). Implementing a client:

<?php

    $Client = new SoapClient(‘http://example.com/my-service.wsdl‘, array(
        ‘exceptions‘ => true
    ));
    
    // -----
    
    $AuthHeader = (object) array(‘username‘ => ‘foo‘, ‘password‘ => ‘bar‘);
    
    $Headers[] = new SoapHeader(‘http://example.com‘, ‘AuthHeader‘, $AuthHeader);
    
    $Client->__setSoapHeaders($Headers);
    
    // -----
    
    $Result = $Client->someMethod();

?>

非常不错！不过看的不是太明白，SOAP_Service_Secure->__call，好像跟 SosapClient->__call，有着关系？望高手指点

PHP WebService客户端验证