3

我正在使用 HTTPBearerAuth 在我的基本控制器上进行身份验证

public function behaviors()
{
    $behaviors['authenticator'] = [
        'class' => CompositeAuth::className(),
        'authMethods' => [
            HttpBearerAuth::className(),
        ],
    ];

    return $behaviors;
}

在我的 UserController 上扩展基本控制器并AccessControl用于允许来宾用户访问登录。

public function behaviors()
{
    $behaviors = parent::behaviors();

    $behaviors['access'] = [
        'class' => AccessControl::className(),
        'only' => ['login', 'logout', 'signup'],
        'rules' => [
            [
                'actions' => ['login'],
                'allow' => true,
                'roles' => ['?'],
            ],
            [
                'actions' => ['logout'],
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ];

    $behaviors['verbs'] = [
        'class' => VerbFilter::className(),
        'actions' => [
            'logout' => ['post'],
        ],
    ];

    return $behaviors;
}

当我尝试在没有身份验证详细信息的情况下访问登录时,我得到

{
  "name": "Unauthorized",
  "message": "You are requesting with an invalid credential.",
  "code": 0,
  "status": 401,
  "type": "yii\web\UnauthorizedHttpException"
}

未经授权的 401。使用身份验证详细信息,我得到

{
  "name": "Forbidden",
  "message": "You are not allowed to perform this action.",
  "code": 0,
  "status": 403,
  "type": "yii\web\ForbiddenHttpException"
}

为什么我会得到这个?

4

1 回答 1

0

only您可以使用或取出 AccessControl 并在子行为中使用 HTTPBearerAuth except

public function behaviors()
{
    $behaviors = parent::behaviors();
    //authentication only applies to actionIndex in child controller
    $behaviors['authenticator']['only'][] = 'index';

    return $behaviors;
}
于 2015-10-29T18:06:33.293 回答