全站http auth干扰Symfony2应用程序身份验证

时间:2013-07-09 16:33:16

标签: apache symfony apache2 http-authentication symfony-2.3

我正在开发一个具有以下结构的网站:

public_html/
    index.php
    symfony_app/
    other_app/

目前,我在开发测试阶段拥有基本HTTP身份验证背后的站点的根目录。我无法弄清楚为什么我对有效用户(myusername)的Symfony2身份验证始终重定向到Symfony登录页面。在Symfony登录成功后的日志中

security.INFO: User "myusername" has been authenticated successfully [] []

我找到了:

security.INFO: Basic Authentication Authorization header found for user "otherusername" [] []

..这是网站根目录中.htpasswd所需的用户。因此,由于缺乏更好的术语,我似乎遇到了嵌套式http身份验证的问题。

是否有可能让一个Symfony应用程序生活在http auth后面,而不会发生两次冲突?

Security.yml 

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        My\UserBundle\Entity\User:
            algorithm:        sha1
            encode_as_base64: false
            iterations:       1

role_hierarchy:
    ROLE_ADMIN:  ROLE_USER

providers:
    administrators:
        entity: { class: MyUserBundle:User }

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    login:
        pattern:  ^/login$
        security: false

    secured_area:
        pattern:    ^/
        http_basic: ~
        form_login:
            login_path:  login
            check_path:  login_check
            always_use_default_target_path: true
        logout:
            path:   /logout
        switch_user: true
access_control:
    - { path: ^/, roles: ROLE_USER, requires_channel: https }

0 个答案:

没有答案
相关问题
最新问题