Symfony2 - prod模式下的身份验证失败

时间:2022-10-24 14:15:27

I have a big problem with my Symfony2 application. I have created a RestFul Api with FosRestBundle, FosUserBundle and LexikJWTAuthenticationBundle. On my computer, no problem, authentication works well. But when I upload the whole app on OVH shared server (perf1), the development environment still work but not the prod one. It says Bad credentials ... I use Postman to try.

我的Symfony2应用程序存在很大问题。我用FosRestBundle,FosUserBundle和LexikJWTAuthenticationBundle创建了一个RestFul Api。在我的电脑上,没问题,身份验证效果很好。但是当我在OVH共享服务器(perf1)上传整个应用程序时,开发环境仍然有效,但不是生产环境。它说Bad凭据......我用Postman试试。

My security.yml is the following :

我的security.yml如下:

security:
encoders:
    FOS\UserBundle\Model\UserInterface: 
        algorithm:            pbkdf2
        hash_algorithm:       sha512
        encode_as_base64:     true
        iterations:           1000

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

firewalls:
    login:
        pattern:  ^/auth/login
        stateless: true
        anonymous: true
        form_login:
            provider: fos_userbundle
            check_path:               /auth/login
            success_handler:          lexik_jwt_authentication.handler.authentication_success
            failure_handler:          lexik_jwt_authentication.handler.authentication_failure
            require_previous_session: false
            username_parameter: username
            password_parameter: password
            post_only:      true

    api_open:
        pattern: ^/api/open
        anonymous:    true
        stateless: true
        lexik_jwt: ~

    api_secured:
        pattern: ^/api
        anonymous:    false
        stateless: true
        lexik_jwt: ~

access_control:

I have cleared and warmup the prod cache.

我已经清理并预热了prod缓存。

Do you have an idea from where it could come from ?

你知道它可能来自哪里吗?

Thank you.

1 个解决方案

#1

This is because apache is striping out your Authorization header from your request. My workaround is to add this in your .htaccess in your web folder or anywhere apache could load it :

这是因为apache正在从您的请求中删除您的Authorization标头。我的解决方法是在你的web文件夹中的.htaccess中添加它或者apache可以加载它的任何地方:

<IfModule mod_rewrite.c>
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>

/!\ Don't forget to activate url rewrite in apache (google it if you dont know what i mean)

/!\别忘了在apache中激活url重写(谷歌如果你不知道我的意思)

#1

This is because apache is striping out your Authorization header from your request. My workaround is to add this in your .htaccess in your web folder or anywhere apache could load it :

这是因为apache正在从您的请求中删除您的Authorization标头。我的解决方法是在你的web文件夹中的.htaccess中添加它或者apache可以加载它的任何地方:

<IfModule mod_rewrite.c>
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>

/!\ Don't forget to activate url rewrite in apache (google it if you dont know what i mean)

/!\别忘了在apache中激活url重写(谷歌如果你不知道我的意思)

标签:

相关文章