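Symfony2 security.yml: http basic auth returns 500 instead of 401

Time: 2013-03-08 10:33:33

Tags: symfony http-basic-authentication

I'm trying to set up a very simple http-basic authentication with Symfony 2. Unfortunately, I keep getting a 500 HTTP error code, AccessDeniedException: Access Denied, instead of a 401, which would force the browser to display the username/password box.

Here is my security.yml: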

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            http_basic:
                realm: "Flow"

    access_control:
        - { path: ^/flow/checkout/, roles: ROLE_USER }

    providers:
        in_memory:
            memory:
                users:
                    user:  { password: userpass, roles: ROLE_USER }
                    admin: { password: kitten, roles: ROLE_ADMIN }

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

Any ideas what is wrong?

This is the URL I'm calling: http://local.shop/web/app_dev.php/flow/checkout

This is the response I get: [image]

1 answer:

Answer 0: (score: 0)

Have you tried using pattern: .* ?

security:
    firewalls:
        secured_area:
            pattern: .*
            anonymous: ~
            http_basic:
                realm: "Flow"

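I think your firewall is being bypassed and you are trying to directly access a "part" of your application that you cannot access if you are not authenticated.

With the "old" path, the firewall is only asked to "take the request into account" if the request is the / URL (meaning that /foo or /foo/bar or /foo/bar/foobar are not intercepted).

Update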

[2013-03-18 09:20:48] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2013-03-18 09:20:48] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-03-18 09:20:48] security.INFO: No expression found; abstaining from voting. [] []
[2013-03-18 09:20:48] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2013-03-18 09:20:48] security.DEBUG: Access is denied (user is not fully authenticated) by "/var/www/html/cm/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 73; redirecting to authentication entry point [] []
[2013-03-18 09:20:48] security.DEBUG: Calling Authentication entry point [] []

This is an example of the log when the kernel intercepts a request for a "must be authenticated" resource.
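
The firewall `pattern` and `access_control` `path` values quoted on this page are regular expressions, so how each one treats a given URL can be checked directly. This is an added example, not code from the question or the answer; it assumes a simplified model in which every pattern is tested with `preg_match` against the request path info and the first match wins, and the helper names `firstMatch` and `requiredRoles` and the sample paths are constructed for illustration.

```php
<?php
// Simplified model (assumption): each firewall `pattern` and each access_control
// `path` is tested as a regular expression against the request path info, and
// the first entry that matches is the one that applies.

function firstMatch(array $patterns, string $pathInfo): ?string
{
    foreach ($patterns as $name => $regex) {
        // '{' ... '}' delimiters, so '/' inside the pattern needs no escaping.
        if (preg_match('{' . $regex . '}', rawurldecode($pathInfo)) === 1) {
            return $name;
        }
    }
    return null; // no firewall covers this path
}

function requiredRoles(array $accessControl, string $pathInfo): array
{
    foreach ($accessControl as $rule) {
        if (preg_match('{' . $rule['path'] . '}', rawurldecode($pathInfo)) === 1) {
            return (array) $rule['roles'];
        }
    }
    return []; // no rule matched: access_control demands no role here
}

// Values copied from the two configurations on this page.
$firewallsQuestion = ['secured_area' => '^/'];
$firewallsAnswer   = ['secured_area' => '.*'];
$accessControl     = [['path' => '^/flow/checkout/', 'roles' => 'ROLE_USER']];

// Constructed sample paths (path info is the part after app_dev.php).
$paths = ['/', '/flow/checkout', '/flow/checkout/', '/flow/checkout/payment', '/foo/bar'];

foreach ($paths as $p) {
    printf(
        "%-24s question=%-13s answer=%-13s roles=%s\n",
        $p,
        firstMatch($firewallsQuestion, $p) ?? 'none',
        firstMatch($firewallsAnswer, $p) ?? 'none',
        implode(',', requiredRoles($accessControl, $p)) ?: '(none)'
    );
}
```

Running it with the PHP CLI prints one line per path, which makes it easy to compare which paths each firewall pattern covers and whether the trailing slash in the `access_control` path changes the roles required for the URL being requested.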