Symfony 多重保护身份验证不记名令牌在登录时无法重定向
[英]Symfony Multiple guard Auth bearer token won't work redirecting in login
问题描述
I am strugling to make the multi guard auth working on my preprod server.
我正在努力使多重保护身份验证在我的 preprod 服务器上工作。
I have set up the multiple guard authenticator on a project.我已经在一个项目上设置了多重保护验证器。 One authenticator is for the normal form "login, password" Second is for an auth by request with a Bearer token.一个身份验证器用于标准形式的“登录名,密码”,第二个用于通过使用承载令牌的请求进行身份验证。 I have followed the documentation here : https://symfony.com/index.php/doc/4.4/security/multiple_guard_authenticators.html我遵循了这里的文档: https : //symfony.com/index.php/doc/4.4/security/multiple_guard_authenticators.html
Everything work fine with the local symfony server.在本地 symfony 服务器上一切正常。 If i curl like this :如果我像这样卷曲:
curl --location --request GET 'http://127.0.0.1:8000/' \
--header 'Authorization: Bearer 867504f2ff8e03672db2a5aee8f04f8bc17d60f62226d7c97aadb34012599c528f0047959f5ee22d251b3ca0c884bbf659e76a2b668fa9d2608b1fe8' \
--header 'Cookie: PHPSESSID=hd1ea3imfa77fmo5nsuheolmu2'
I am nicely auth and redirect to the index.我很好地验证并重定向到索引。 (or a fail respons : token expired or so..) But on my preproduction server, its just not working. (或失败响应:令牌过期左右......)但在我的预生产服务器上,它只是不工作。 No guard is launch and i am automatically 302 redirect to /login (login form)没有启动防护,我会自动 302 重定向到 /login(登录表单)
Here is my security.yaml这是我的 security.yaml
security:
providers:
our_db_provider:
entity:
class: App\Entity\User
property: apikey
encoders:
custom_sodium:
id: 'encoder_service'
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
http_basic: ~
form_login:
login_path: login
check_path: login
logout:
path: logout
target: login
logout_on_user_change: true
guard:
authenticators:
- App\Security\ApiTokenAuthenticator
- App\Security\LoginAuthAuthenticator
entry_point: App\Security\LoginFormAuthenticator
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/provider, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/action/createproposition, roles: ROLE_USER }
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/api/, roles: ROLE_USER }
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }
role_hierarchy:
ROLE_ADMIN: [ROLE_USER]
I tried many things as trying to log the use of the Auth guard with monologue我尝试了很多事情,比如试图用独白记录 Auth 守卫的使用
On the local server, i can see that symfony call the authenticator to find out which one to use, and access the proper one.在本地服务器上,我可以看到 symfony 调用验证器以找出要使用的验证器,并访问正确的验证器。 On my preprod server i have no log who popup.在我的预生产服务器上,我没有弹出谁的日志。 So it look like no guard is used and it just redirect to /login because /^ is ROLE_USER所以看起来没有使用守卫,它只是重定向到 /login 因为 /^ 是 ROLE_USER
I also suspect the .htaccess conf to cause the problem, but i really don't know how to fix it..我也怀疑 .htaccess conf 会导致问题,但我真的不知道如何解决它..
Kindly, Naqued亲切的,Naqued
1 个解决方案
解决方案1
0 2021-07-26 13:55:25
After a lot of struggle i find out the problem this thread help me a lot :经过一番挣扎,我发现了这个问题,这个线程对我有很大帮助:
Authorization header missing in PHP POST request PHP POST 请求中缺少授权标头
I figured out that the Authorization key in the header was missing (logger on the host server)我发现标题中的授权密钥丢失(主机服务器上的记录器)
The problem was that on local server, there is no .htaccess On a server with apache2, in the .htaccess问题是在本地服务器上,没有 .htaccess 在带有 apache2 的服务器上,在 .htaccess
there was the rewriteEngine On So apache rewrite the header and don't write the authorization Key in the header of the request有rewriteEngine On 所以apache重写了header,不要在请求的header里写授权Key
Solution : In your .htaccess put解决方案:在您的 .htaccess 中放置
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
This work perfectly :)这项工作完美:)
Kindly, Naqued亲切的,Naqued
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.