Symfony2 http_basic安全性拒绝有效的凭据 [英] Symfony2 http_basic security rejects valid credentials

查看:58
本文介绍了Symfony2 http_basic安全性拒绝有效的凭据的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用Symfony Standard 2.0.0BETA1,并尝试配置与本书的章节

I use Symfony Standard 2.0.0BETA1 and tried to configure http_basic authentication exactly the same as in this book chapter

security:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext

providers:
    main:
        users:
            foo: { password: testing, roles: ROLE_USER }

firewalls:
    main:
        pattern:    /.*
        http_basic: true
        logout:     true

access_control:
    - { path: /.*, role: ROLE_USER }

问题是当我尝试打开一个页面并提交用户名"foo"和密码"testing"时,它只是循环并无限地询问我凭证或显示错误页面.

Problem is when I try to open a page and i submit user name "foo" and password "testing" it simply loops and ask me for credential infinitely or display error page.

重现问题的步骤:

  1. http://symfony.com/doc复制安全配置/current/book/security/overview.html#configuration 并将其粘贴到security.yml文件
  2. 刷新应用首页
  3. 输入有效的凭据
  1. Copy security configuration from http://symfony.com/doc/current/book/security/overview.html#configuration and past it to security.yml file
  2. Refresh app home page
  3. Enter valid credentials

预期的行为是查看主页,但显示凭据提示.

Expected behavior is to see home page but instead credentials prompt is shown.

有人知道为什么会发生这种情况以及如何解决吗?

Does anyone know why that happens and how to fix it?

推荐答案

http基本身份验证在Apache下被PHP破坏为cgi/fastCGI

The http basic authentication is broken with PHP as cgi/fastCGI under Apache

有一种解决方法:

app_dev.php 

if( !isset($_SERVER['PHP_AUTH_USER']) )
{
    if (isset($_SERVER['HTTP_AUTHORIZATION']) && (strlen($_SERVER['HTTP_AUTHORIZATION']) > 0))
    {
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
        if( strlen($_SERVER['PHP_AUTH_USER']) == 0 || strlen($_SERVER['PHP_AUTH_PW']) == 0 )
        {
            unset($_SERVER['PHP_AUTH_USER']);
            unset($_SERVER['PHP_AUTH_PW']);
        }
    }
}

web/.htaccess 

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] 
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ app.php [QSA,L]
</IfModule>

来源: symfony github问题

Source: symfony github issue

这篇关于Symfony2 http_basic安全性拒绝有效的凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆