请求标头包缺少Symfony 2中的授权标头？

Question

我正在尝试在Symfony 2中实现自定义身份验证提供程序.我正在使用Fiddler发送测试请求并打印所有标头服务器端; 好吧,Authorization标题丢失了.

难道我做错了什么？

GET /RESTfulBackend/web/index.php HTTP/1.1
Authorization: FID 44CF9590006BF252F707:jZNOcbfWmD/
Host: localhost
User-Agent: Fiddler
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3

Listener只打印标题并退出:

class HMACListener implements ListenerInterface
{
    private $securityContext;

    private $authenticationManager;

    public function handle(GetResponseEvent $event)
    {
        $request = $event->getRequest();
        print_r($request->headers->all()); 
        die();
     }
}

响应缺少Authorization标题:

Array
(
    [host] => Array
        (
            [0] => localhost
        )
    [user-agent] => Array
        (
            [0] => Fiddler
        )
    [accept] => Array
        (
            [0] => text/html,application/xhtml+xml,application/xml
        )
    [accept-language] => Array
        (
            [0] => it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
        )
)

Answer 1

您必须将此代码添加到虚拟主机

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

在Virtualhost标记中工作,而不是在Directory标记中.

Answer 2

Akambi的回答对我不起作用,但在php网站上找到了这个答案:

"在CGI/FastCGI Apache下缺少授权标头的解决方法:

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

现在,如果客户端发送Authorization标头,PHP应该自动声明$ _SERVER [PHP_AUTH_*]变量."

谢谢derkontrollfreak + 9hy5l!

Answer 3

经过验证的解决方案当时对我有用,可以获得Authorization标题.但是,当传入请求中没有时,它会生成一个空的Authorization标头.这就是我解决它的方式:

RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Answer 4

在编写带有自定义Authorization标头的公共API时遇到了同样的问题.要修复HeaderBag我使用的监听器:

namespace My\Project\Frontend\EventListener;

use Symfony\Component\HttpFoundation\HeaderBag;

use Symfony\Component\HttpKernel\Event\GetResponseEvent;

/**
 * Listener for the REQUEST event. Patches the HeaderBag because the
 * "Authorization" header is not included in $_SERVER
 */
class AuthenticationHeaderListener
{
    /**
     * Handles REQUEST event
     *
     * @param GetResponseEvent $event the event
     */
    public function onKernelRequest(GetResponseEvent $event)
    {
        $this->fixAuthHeader($event->getRequest()->headers);
    }
    /**
     * PHP does not include HTTP_AUTHORIZATION in the $_SERVER array, so this header is missing.
     * We retrieve it from apache_request_headers()
     *
     * @param HeaderBag $headers
     */
    protected function fixAuthHeader(HeaderBag $headers)
    {
        if (!$headers->has('Authorization') && function_exists('apache_request_headers')) {
            $all = apache_request_headers();
            if (isset($all['Authorization'])) {
                $headers->set('Authorization', $all['Authorization']);
            }
        }
    }
}

并将其绑定到kernel.request服务定义中:

services:
  fix_authentication_header_listener:
    class: My\Project\Frontend\EventListener\AuthenticationHeaderListener
    tags:
      - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 255 }

Answer 5

授权标头用于http基本认证,如果不是有效格式,则由apache丢弃.尝试使用其他名称.

Answer 6

Another option that worked for Apache 2.4 when other options did not was to set the CGIPassAuth option in the relevant <Directory> context, like this:

CGIPassAuth On

根据文档，自Apache 2.4.13起可用。