curl命令检查FOSRestBundle中的身份验证?

时间:2014-04-16 10:01:19

标签: rest authentication curl basic-authentication fosuserbundle

FOSRestBundle在我的项目中完美运行但没有验证。现在,我的目标是通过身份验证发出请求。

为此,我在security.yml

中添加了此防火墙 
firewalls:
    # ...    
    rest_api:
        pattern: ^/api/
        stateless: true
        http_basic:
            provider: fos_userbundle
    # ...    
access_control:
    # ...    
    - { path: ^/api/, role: IS_AUTHENTICATED_FULLY }

为了检查这个,我使用了这个shell命令:

curl -i http://localhost/tuto/web/app_dev.php/api/test/1

结果是:

HTTP/1.1 302 Found
Date: Fri, 11 Apr 2014 13:56:08 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.9-4ubuntu2.4
Set-Cookie: PHPSESSID=4dtr168vmj1eg523a07kbkjkh1; path=/
Cache-Control: no-cache
Location: http://localhost/tuto/web/app_dev.php/login
Vary: Accept-Language
X-Debug-Token: 220df7
Transfer-Encoding: chunked
Content-Type: application/json

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <meta http-equiv="refresh" content="1;url=http://localhost/tuto/web/app_dev.php/login" />

        <title>Redirecting to http://localhost/tuto/web/app_dev.php/login</title>
    </head>
    <body>
        Redirecting to <a href="http://localhost/tuto/web/app_dev.php/login">http://localhost/tuto/web/app_dev.php/login</a>.
    </body>
</html>

如您所见,返回的代码是302 FOUND,因为当我使用FOSUserBundle时,URL被重定向到http://localhost/tuto/web/app_dev.php/login

现在,我想检查一下authenfication是否运行良好。我试过这个:curl -i http://localhost/tuto/web/app_dev.php/api/test/1 --user user:password但我仍然有302个FOUND。

我也试过这个curl -i -H 'Accept:application/json' -H 'Authorization:Basic username:password' http://localhost/tuto/web/app_dev.php/api/test/1,但我仍然有302个FOUND。

那么有没有提出curl命令来检查我的REST api中的auth?

谢谢,

注意:我在许多链接中尝试过解决方案,例如:basic authorization command for curl

1 个答案:

答案 0 :(得分:1)

找到解决方案!

您所要做的就是:

  1. 像这样更改防火墙:

    2. 防火墙:

    # ...    
rest_api:
    # pattern: ^/api/ # to be changed as in the next line
    pattern: /api/.*  # the correct way
    stateless: true
    http_basic:
        provider: fos_userbundle
    # ...    
access_control:
    # ...    
    # - { path: ^/api/, role: IS_AUTHENTICATED_FULLY } # to be removed
    1. 对于curl命令,它必须是这样的:

      2. curl -i -H 'Accept:application/json' -H 'Authorization:Basic YW1pbmU6c3RpZ21hdGFn' http://localhost/tuto/web/app_dev.php/api/test/1

      其中YW1pbmU6c3RpZ21hdGFn是base64中编码'user:password'的结果。

      希望它能帮助别人。

相关问题
最新问题