Php 在Rest API中使用HTTPBearerAuth时,Yii2访问控制提供禁止403
我正在使用HTTPBearerAuth在我的基本控制器上进行身份验证Php 在Rest API中使用HTTPBearerAuth时,Yii2访问控制提供禁止403,php,rest,yii2,yii2-validation,Php,Rest,Yii2,Yii2 Validation,我正在使用HTTPBearerAuth在我的基本控制器上进行身份验证 public function behaviors() { $behaviors['authenticator'] = [ 'class' => CompositeAuth::className(), 'authMethods' => [ HttpBearerAuth::className(), ], ]; retur
public function behaviors()
{
$behaviors['authenticator'] = [
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBearerAuth::className(),
],
];
return $behaviors;
}
在my UserController上扩展基本控制器并使用AccessControl
允许来宾用户访问登录
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['access'] = [
'class' => AccessControl::className(),
'only' => ['login', 'logout', 'signup'],
'rules' => [
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout'],
'allow' => true,
'roles' => ['@'],
],
],
];
$behaviors['verbs'] = [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
];
return $behaviors;
}
当我尝试在没有身份验证详细信息的情况下访问登录时,我会
{
"name": "Unauthorized",
"message": "You are requesting with an invalid credential.",
"code": 0,
"status": 401,
"type": "yii\web\UnauthorizedHttpException"
}
{
"name": "Forbidden",
"message": "You are not allowed to perform this action.",
"code": 0,
"status": 403,
"type": "yii\web\ForbiddenHttpException"
}
未经授权的401。通过身份验证详细信息,我可以
{
"name": "Unauthorized",
"message": "You are requesting with an invalid credential.",
"code": 0,
"status": 401,
"type": "yii\web\UnauthorizedHttpException"
}
{
"name": "Forbidden",
"message": "You are not allowed to perform this action.",
"code": 0,
"status": 403,
"type": "yii\web\ForbiddenHttpException"
}
为什么我会这样?您可以取出AccessControl并在子行为中使用HTTPBearerAuth,只使用
或而不使用
public function behaviors()
{
$behaviors = parent::behaviors();
//authentication only applies to actionIndex in child controller
$behaviors['authenticator']['only'][] = 'index';
return $behaviors;
}