我正在用symfony制作一个API,并试图实现一个认证系统来限制某些路由的使用。
使用Postman,我可以以用户身份登录,之后我可以为用户使用受限路由并且它可以工作,它会返回一个令牌:
[邮递员结果][1]
但是当我尝试从我的客户端(在 js 中)建立连接时,日志记录会向我返回一条带有我的令牌的成功消息:
Succes
Object { token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE1NDc2NDI1OTgsImV4cCI6MTU0NzY0NjE5OCwicm9sZXMiOlsiUk9MRV9BRE1JTiJdLCJ1c2VybmFtZSI6ImFkbWluQGFkbWluLnJvb3QifQ.XK3DRjxom1AwJe7hCh7xM43Y1SbpHrRNvSmu26oH_c0xJib5Rp3AkVcoY6-F8Flb3R3dICs4OPqckhCtT-GbPFO5WjFamCXhVEKQd5m3s90Kbsb0e3WPtbpuzfMdZzYf5QTRnydugzzhtb4HPzKch94zDDyEoTc-NbgwQSjycXW3NN8b_gWjKquUjwvIopyYtHlc3rsQKZp6pWbT-MZ0GvcpVHCQb0ce-yXYOwJb92qmPMh0pUFuTZWt33SayyX0yIRjDxCWk9QM9-ZtqntojtI_z5nNWeetoFstReY9W5aGsSpmXV-HD3xNftWsDfnKxv07mnvQ_GrNtgWtcRQ-2oTmdvV-0Sxkw_fNLnwjyUrF8wL38aEH7q7E2yXhtH5lLj_lXmf64o0DXih6Po6JlXDB4KTLKdpWvzIGAu0-R0atYyAnW14H-OjUIvdkN2q_3DZQ2F6VUJHrb0GAb04QUufrSbXVrWuZcD7PMuaw7iks8jpa6y6DuSiPKeE721OdKr3j5CWXXZ6htQ5sQT01FrZEcnY9ojT302AodkHFmSiqgUmpvQpNwSFhEfwWJQDDJY835Y7SyN-rwLprTaWgrWxiCa7E21PkWLD9f-9KZzwrHjWdN9Os_Tu2_oA2cGcBVzp7vG3Vo2iyn6SNFb075U4MiVMSWvGkcYuf2_Mav04" }
但是当我尝试为用户使用受限路由时,我不能。我有这个:
Success:
{"error":{"code":401,"message":"Unauthorized","exception":[{"message":"Full authentication is required to access this resource.","class":"Symfony\Component\HttpKernel\Exception\HttpException","trace":[{"namespace":"","short_class":"","class":"","type":"","function":"","file":"/home/nolan/testprojetphp/php-projet-lp/vendor/symfony/security-http/Firewall/ExceptionListener.php","line":175,"args":[]},{"namespace":"Symfony\Component\Security\Http\Firewall","short_class":"ExceptionListener","class":"Symfony\Component\Security\Http\Firewall\ExceptionListener","type":"->","function":"startAuthentication","file":"/home/nolan/testprojetphp/php-projet-lp/vendor/symfony/security-http/Firewall/ExceptionListener.php","line":130,"args":[["object","Symfony\Component\HttpFoundation\Request"],["object","Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException"]]},{"namespace":"Symfony\Component\Security\Http\Firewall","short_class":"ExceptionListener","class…
来自我的客户端的正常请求如下所示:
function ajaxSupprimer(url) {
fetch(url, {
method: 'DELETE',
}).then(refresh);
这是我的安全文件:
security:
encoders:
AppEntityUssers: bcrypt
providers:
our_db_provider:
entity:
class: AppEntityUssers
property: email
firewalls:
login:
pattern: ^/
stateless: true
anonymous: true
json_login:
check_path: /login
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
logout:
path: security_logout
api:
pattern: ^/
stateless: true
lexik_jwt:
authorization_header: # check token in Authorization Header
enabled: true
prefix: Bearer
throw_exceptions: false # When an authentication failure occurs, return a 401 response immediately
create_entry_point: true # When no authentication details are provided, create a default entry point that returns a 401 response
authentication_provider: lexik_jwt_authentication.security.authentication.provider
role_hierarchy:
ROLE_ADMIN: ROLE_USER
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
access_control:
# Les regles de securité
# Là dans ce cas seul les utilisateurs ayant le rôle ROLE_ADMIN
# peuvent acceder à toutes les pages commençant par /admin
- { path: '^/admin', roles: ROLE_ADMIN }
- { path: '^/user', roles: ROLE_USER }
我解决了问题
在这种情况下,请求可能会function ajaxSupprimer(url) {
fetch(url, {
method: 'DELETE',
headers: new Headers({
''Authorization': 'Bearer '+mytoken,
'Content-Type': 'application/json'
}),
}).then(refresh);
我已经看到,对于您正在使用的身份验证提供程序,密钥是"授权"