I have a big problem with my Symfony2 application. I have created a RestFul Api with FosRestBundle, FosUserBundle and LexikJWTAuthenticationBundle. On my computer, no problem, authentication works well. But when I upload the whole app on OVH shared server (perf1), the development environment still work but not the prod one. It says Bad credentials ... I use Postman to try.
我的Symfony2应用程序存在很大问题。我用FosRestBundle,FosUserBundle和LexikJWTAuthenticationBundle创建了一个RestFul Api。在我的电脑上,没问题,身份验证效果很好。但是当我在OVH共享服务器(perf1)上传整个应用程序时,开发环境仍然有效,但不是生产环境。它说Bad凭据......我用Postman试试。
My security.yml is the following :
我的security.yml如下:
security:
encoders:
FOS\UserBundle\Model\UserInterface:
algorithm: pbkdf2
hash_algorithm: sha512
encode_as_base64: true
iterations: 1000
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
login:
pattern: ^/auth/login
stateless: true
anonymous: true
form_login:
provider: fos_userbundle
check_path: /auth/login
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
require_previous_session: false
username_parameter: username
password_parameter: password
post_only: true
api_open:
pattern: ^/api/open
anonymous: true
stateless: true
lexik_jwt: ~
api_secured:
pattern: ^/api
anonymous: false
stateless: true
lexik_jwt: ~
access_control:
I have cleared and warmup the prod cache.
我已经清理并预热了prod缓存。
Do you have an idea from where it could come from ?
你知道它可能来自哪里吗?
Thank you.
1 个解决方案
#1
This is because apache is striping out your Authorization header from your request. My workaround is to add this in your .htaccess in your web folder or anywhere apache could load it :
这是因为apache正在从您的请求中删除您的Authorization标头。我的解决方法是在你的web文件夹中的.htaccess中添加它或者apache可以加载它的任何地方:
<IfModule mod_rewrite.c>
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>
/!\ Don't forget to activate url rewrite in apache (google it if you dont know what i mean)
/!\别忘了在apache中激活url重写(谷歌如果你不知道我的意思)
#1
This is because apache is striping out your Authorization header from your request. My workaround is to add this in your .htaccess in your web folder or anywhere apache could load it :
这是因为apache正在从您的请求中删除您的Authorization标头。我的解决方法是在你的web文件夹中的.htaccess中添加它或者apache可以加载它的任何地方:
<IfModule mod_rewrite.c>
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>
/!\ Don't forget to activate url rewrite in apache (google it if you dont know what i mean)
/!\别忘了在apache中激活url重写(谷歌如果你不知道我的意思)