Usually, most security scenarios use WS-Addressing. But there are scenarios that uses security without WS-Addressing. Due to configuration file settings, WSF/PHP works with WS-Security only when WS-Addressing is also used. However, by doing some simple changes to a couple of Xml files, you can get WSF/PHP to support some security scenario's that does not use WS-Addressing.
Here is what you need to do.
1. Step One.
Open the axis2.xml file found in was_c directory. In it, change in inflow by adding another phase named Security as follows.
<phaseOrder type="inflow"> - <!-- System pre defined phases -->
<phase name="Transport" />
<phase name="PreDispatch" />
<phase name="Dispatch" />
<phase name="PostDispatch" />
<!-- End system pre defined phases -->
<!-- After PostDispatch phase, module or service author can add any phase as required -->
<!-- User defined phases could be added here -->
<phase name="Security" />
<phase name="Rahas" />
<phase name="RMPhase" />
I have highlighted the line added in red.
2. Step two
Open the module.xml file found in wsf_c/modules/rampart/ directory and change the inflow elements phase name attribute from "PreDispatch" to "Security" as follows.
<handler name="RampartInHandler" class="mod_rampart">
Again, I have highlighted the change.
That's all you need to do to get WS-Security to work without using WS-Addressing.
Note that,for this to work, you will have to have either SOAPAction or an element that matches the operation name in Soap Body. Of course there are some WS-Security scenarios that cannot work without WS-Addressing.