我正在尝试在Symfony 2中实现custom authentication provider。我正在使用Fiddler发送测试请求并打印所有标头服务器端;好吧,Authorization标题丢失了。
我做错了吗?
GET /RESTfulBackend/web/index.php HTTP/1.1
Authorization: FID 44CF9590006BF252F707:jZNOcbfWmD/
Host: localhost
User-Agent: Fiddler
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Listener只打印标题并退出:
class HMACListener implements ListenerInterface
{
private $securityContext;
private $authenticationManager;
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
print_r($request->headers->all());
die();
}
}
缺少响应Authorization标头:
Array
(
[host] => Array
(
[0] => localhost
)
[user-agent] => Array
(
[0] => Fiddler
)
[accept] => Array
(
[0] => text/html,application/xhtml+xml,application/xml
)
[accept-language] => Array
(
[0] => it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
)
)
答案 0 :(得分:54)
您必须将此代码添加到虚拟主机
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
在Virtualhost标记中工作,而不是在目录标记中工作。
答案 1 :(得分:28)
Akambi的回答对我不起作用,但在php网站上找到了这个答案:
“CGI / FastCGI Apache下缺少授权标头的解决方法:
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
如果客户端发送Authorization标头,PHP应自动声明$ _SERVER [PHP_AUTH_ *]变量。“
谢谢derkontrollfreak + 9hy5l!
答案 2 :(得分:18)
当时验证的解决方案对我有用,可以获得Authorization标题。但是,当传入请求中没有时,它会生成一个空的Authorization标头。这就是我解决它的方法:
RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
答案 3 :(得分:9)
使用自定义Authorization标头编写公共API时遇到了同样的问题。要修复HeaderBag我使用了一个监听器:
namespace My\Project\Frontend\EventListener;
use Symfony\Component\HttpFoundation\HeaderBag;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
/**
* Listener for the REQUEST event. Patches the HeaderBag because the
* "Authorization" header is not included in $_SERVER
*/
class AuthenticationHeaderListener
{
/**
* Handles REQUEST event
*
* @param GetResponseEvent $event the event
*/
public function onKernelRequest(GetResponseEvent $event)
{
$this->fixAuthHeader($event->getRequest()->headers);
}
/**
* PHP does not include HTTP_AUTHORIZATION in the $_SERVER array, so this header is missing.
* We retrieve it from apache_request_headers()
*
* @param HeaderBag $headers
*/
protected function fixAuthHeader(HeaderBag $headers)
{
if (!$headers->has('Authorization') && function_exists('apache_request_headers')) {
$all = apache_request_headers();
if (isset($all['Authorization'])) {
$headers->set('Authorization', $all['Authorization']);
}
}
}
}
并将其绑定到服务定义中的kernel.request:
services:
fix_authentication_header_listener:
class: My\Project\Frontend\EventListener\AuthenticationHeaderListener
tags:
- { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 255 }
答案 4 :(得分:8)
授权标头用于http basic authentication,如果不是有效格式,则由apache丢弃。尝试使用其他名称。
答案 5 :(得分:5)
其他选项不适用于Apache 2.4的另一个选项是在相关<Directory>上下文中设置CGIPassAuth选项,如下所示:
CGIPassAuth On
根据文档,它自Apache 2.4.13起可用。
答案 6 :(得分:0)
另一种解决方案是将PHP处理程序更改为以Apache Module而不是CGI application运行PHP。
答案 7 :(得分:0)
We should authorise this header "Authorization" on the server side,
it's also simply done with nelmioCorsBundle
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
origin_regex: false
forced_allow_origin_value: ~
paths:
'^/api/':
allow_origin: ['*']
allow_headers: ['Authorization']