Apache 未找到Symfony 5 JWT令牌
我将docker映像与apache服务器一起使用,并尝试使用Apache 未找到Symfony 5 JWT令牌,apache,symfony,jwt,Apache,Symfony,Jwt,我将docker映像与apache服务器一起使用,并尝试使用LexikJWTAuthenticationBundle在Symfony 5上运行JWT身份验证。我按照官方文件做了以下工作: 我运行了命令:php-bin/console-lexik:jwt:generate-keypair 这给了我一个公共和私人密钥对。我确保私钥没有像我在这篇文章回答中看到的那样被加密: 以下是security.yaml的配置: security: encoders: App\Entity\
LexikJWTAuthenticationBundle
在Symfony 5上运行JWT身份验证。我按照官方文件做了以下工作:
我运行了命令:php-bin/console-lexik:jwt:generate-keypair
这给了我一个公共和私人密钥对。我确保私钥没有像我在这篇文章回答中看到的那样被加密:
以下是security.yaml
的配置:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
providers:
# used to reload user from session & other features (e.g. switch_user)
database:
entity:
class: App\Entity\User
property: email
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
api_login_check:
path: /api/login_check
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
# token time to live 1 hour
token_ttl: 3600
这是我的路线。yaml
:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
providers:
# used to reload user from session & other features (e.g. switch_user)
database:
entity:
class: App\Entity\User
property: email
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
api_login_check:
path: /api/login_check
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
# token time to live 1 hour
token_ttl: 3600
lexik\u jwt\u身份验证.yaml
:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
providers:
# used to reload user from session & other features (e.g. switch_user)
database:
entity:
class: App\Entity\User
property: email
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
api_login_check:
path: /api/login_check
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
# token time to live 1 hour
token_ttl: 3600
.env
:
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=test
通过所有这些配置,我将使用postman从用户检索令牌:
有了这个令牌,我现在正试图从api获取api/users
但是响应是401状态和JWT令牌未找到
我的apache配置是:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
为什么我可以创建一个令牌,但不能使用它来访问数据?这与
.htaccess
或000 default.conf
无关。您必须在中更改conf:/etc/apache2/apache2.conf
并在文件末尾添加setenif Authorization”(.*)“HTTP\u Authorization=$1
但是,我没有找到任何解释apache删除授权头原因的ressource