Symfony2 http_basic安全性拒绝有效的凭据 [英] Symfony2 http_basic security rejects valid credentials
问题描述
我使用Symfony Standard 2.0.0BETA1,并尝试配置与本书的章节
I use Symfony Standard 2.0.0BETA1 and tried to configure http_basic authentication exactly the same as in this book chapter
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
providers:
main:
users:
foo: { password: testing, roles: ROLE_USER }
firewalls:
main:
pattern: /.*
http_basic: true
logout: true
access_control:
- { path: /.*, role: ROLE_USER }
问题是当我尝试打开一个页面并提交用户名"foo"和密码"testing"时,它只是循环并无限地询问我凭证或显示错误页面.
Problem is when I try to open a page and i submit user name "foo" and password "testing" it simply loops and ask me for credential infinitely or display error page.
重现问题的步骤:
- 从 http://symfony.com/doc复制安全配置/current/book/security/overview.html#configuration 并将其粘贴到security.yml文件
- 刷新应用首页
- 输入有效的凭据
- Copy security configuration from http://symfony.com/doc/current/book/security/overview.html#configuration and past it to security.yml file
- Refresh app home page
- Enter valid credentials
预期的行为是查看主页,但显示凭据提示.
Expected behavior is to see home page but instead credentials prompt is shown.
有人知道为什么会发生这种情况以及如何解决吗?
Does anyone know why that happens and how to fix it?
推荐答案
http基本身份验证在Apache下被PHP破坏为cgi/fastCGI
The http basic authentication is broken with PHP as cgi/fastCGI under Apache
有一种解决方法:
app_dev.php
if( !isset($_SERVER['PHP_AUTH_USER']) )
{
if (isset($_SERVER['HTTP_AUTHORIZATION']) && (strlen($_SERVER['HTTP_AUTHORIZATION']) > 0))
{
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if( strlen($_SERVER['PHP_AUTH_USER']) == 0 || strlen($_SERVER['PHP_AUTH_PW']) == 0 )
{
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
}
}
}
web/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app.php [QSA,L]
</IfModule>
来源: symfony github问题
Source: symfony github issue
这篇关于Symfony2 http_basic安全性拒绝有效的凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!