Symfony的2接收基本身份验证后，匿名令牌 [英] Symfony 2 receiving anonymous token after basic authentication

问题描述

我必须使用基本 in_memory 认证（如在的security文档）。登录工作在我们的开发环境（S）的罚款。但临时服务器上的基本身份验证似乎并没有提供一个适当的令牌-as出现在此提供logfile-;因此，我们继续一次又一次地得到登录弹出。

I have a Symfony 2 app using the basic in_memory authentication (as described in the security documentation). The login works fine in our development environment(s). But on the staging server, the basic authentication doesn't seem to provide a proper token -as seen in the hereby provided logfile-; thus we keep on getting the login popup again and again.

我们的安全配置：

security:
    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            http_basic:
                realm: "Secured Demo Area"

    access_control:
        - { path: ^/admin, roles: [ROLE_ADMIN]}

    providers:
        in_memory:
            users:
                admin: { password: admin, roles: 'ROLE_ADMIN' }

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

这是从（成功）的开发环境登录输出日志：

This is the log output from the (successful) development environment login:

[2011-07-21 13:49:48] security.DEBUG: Read SecurityContext from the session [] []
[2011-07-21 13:49:48] security.DEBUG: Reloading user from user provider. [] []
[2011-07-21 13:49:48] security.DEBUG: Username "root" was reloaded from user provider. [] []

这是从分段环境登录输出日志：

And this is the log output from the staging environment login:

[2011-07-21 13:53:08] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2011-07-21 13:53:08] security.DEBUG: Access denied (user is not fully authenticated); redirecting to authentication entry point [] []
[2011-07-21 13:53:08] security.DEBUG: Calling Authentication entry point [] []

在此先感谢您的帮助。

Thanks in advance for the help.

推荐答案

您的开发环境可能是运行PHP，mod_php的，而你的临时服务器可能运行作为FastCGI的。默认情况下， PHP_AUTH_USER 和 PHP_AUTH_PW 服务器变量没有填写在这种情况下，当你通过HTTP基本身份验证，而这些是什么Symfony的使用创造了安全环境和验证您的密码。

Your dev environment is probably running PHP as mod_php while your staging server is probably running it as FastCGI. By default, the PHP_AUTH_USER and PHP_AUTH_PW server variables are not filled in this context when you authenticate via HTTP basic, and these are what Symfony is using to create the Security context and validate your password.

如果你在Apache上运行这是FCGI就可以解决这个问题。一个很给力的FastCGI通过授权头，它通常燮presses。这Apache的网站定义添加其他FastCGI的配置选项旁边的：

If you're running this as FCGI on Apache you can fix this. One is to force FastCGI to pass the Authorization header, which it normally suppresses. Add this to the Apache site definition next to the other FastCGI configuration options:

FcgidPassHeader     Authorization

有关其他应用程序，你可能还需要浪费时间在更大的程度（这里描述 ），但Symfony的刚好路过的标题就足够了。

For other applications you may also need to mess around to a greater degree (as described here) but for Symfony just passing the header should be sufficient.

这篇关于Symfony的2接收基本身份验证后，匿名令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！