Symfony2 in_memory users provider issue

Published 2019-04-09 12:37

Question:

I have a Symfony2 application that loads users from the in_memory user provider. The security.yml is the following:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            users:
                admin: { password: mypassword, roles: [ 'ROLE_ADMIN' ] }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/demo/secured/login$
            security: false

        secured_area:
            pattern:    ^/
            anonymous: ~
            http_basic:
                realm: "MyApp Realm - Login"

    access_control:
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        #- { path: ^/_internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
        - { path: ^/subscription/show, roles: ROLE_ADMIN }
        - { path: ^/send, roles: ROLE_ADMIN }

In my local development environment (a MacBook Pro) this configuration works as expected. When I go to the routes _/send_ or _/subscription/show_, Symfony asks me to log in, and if I enter the credentials admin and mypassword I can view the pages correctly.

But in the production environment (a Debian server) I have to log in to see those routes, but the same username and password don't work! The HTTP basic authentication login prompt never goes away! I can't understand.

Why doesn't that configuration work? And above all, why does it work in my local environment but not in the production environment?

I also saw a question that I suppose is related: Symfony2 plaintext users don't work. I already tried all the suggestions listed there, but none of them solved the problem.

Answer 1:

Solved!

The problem was that the production environment runs PHP in FastCGI, and with such a configuration you have to add the following line to .htaccess in order to have HTTP basic authentication via PHP working:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Bye!
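
Added example, not part of the original answer: a small PHP (7.1+) diagnostic showing where HTTP Basic credentials can arrive in a `$_SERVER`-style array, and why nothing reaches PHP under FastCGI without the rewrite rule. The function name `resolveBasicAuth` and the sample arrays are constructed for illustration; this is not Symfony's own code.

```php
<?php
// Resolve HTTP Basic credentials from a $_SERVER-style array and report
// which variable delivered them. Returns null when PHP never saw them.
function resolveBasicAuth(array $server): ?array
{
    // mod_php: PHP parses the Authorization header itself.
    if (isset($server['PHP_AUTH_USER'])) {
        return [
            'source' => 'PHP_AUTH_USER',
            'user'   => $server['PHP_AUTH_USER'],
            'pass'   => $server['PHP_AUTH_PW'] ?? '',
        ];
    }
    // CGI/FastCGI: the header is only visible if the web server copies it
    // into the environment (the E=HTTP_AUTHORIZATION rewrite flag). After an
    // internal redirect Apache prefixes the variable with REDIRECT_.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        $value = $server[$key] ?? '';
        if (stripos($value, 'basic ') !== 0) {
            continue; // absent, or not the Basic scheme
        }
        $decoded = base64_decode(substr($value, 6), true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            continue; // malformed credentials: treat as absent
        }
        [$user, $pass] = explode(':', $decoded, 2); // password may contain ':'
        return ['source' => $key, 'user' => $user, 'pass' => $pass];
    }
    return null;
}

// Constructed samples modelling the environments from the question.
$header  = 'Basic ' . base64_encode('admin:mypassword');
$samples = [
    'mod_php'                      => ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => 'mypassword'],
    'FastCGI without rewrite rule' => ['REQUEST_URI' => '/send'],
    'FastCGI with rewrite rule'    => ['HTTP_AUTHORIZATION' => $header],
    'FastCGI, rule + redirect'     => ['REDIRECT_HTTP_AUTHORIZATION' => $header],
];

foreach ($samples as $label => $server) {
    $found = resolveBasicAuth($server);
    // The password is deliberately never printed.
    printf("%-30s %s\n", $label, $found
        ? "credentials via {$found['source']} (user {$found['user']})"
        : 'no credentials reach PHP: the 401 prompt repeats');
}
```

Run from the command line, the second sample reproduces the symptom in the question: the browser sends valid credentials, but PHP receives none, so every request is answered with another 401 challenge.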