自分のドメイン(実際にはサブドメイン)の /admin 配下に、ごく基本的なダイジェスト認証を設定しようとしています。認証処理は bootstrap.php で次のように登録しています。
Zendのダイジェスト/ベーシック認証が失敗し続ける
/**
 * Bootstrap resource that puts the admin area behind HTTP Digest authentication.
 *
 * Builds a Zend_Auth_Adapter_Http limited to the Digest scheme, points it at a
 * file-based credential resolver, switches Zend_Auth to non-persistent storage
 * and registers the AdminAuth front-controller plugin with the adapter.
 *
 * NOTE(review): the resolver file holds "user:realm:hash" entries; confirm that
 * APPLICATION_PATH . '/../data' is outside the web server's document root and
 * is not readable by other local accounts.
 * NOTE(review): Digest here is MD5-based and the realm/nonce exchange travels
 * in the clear unless the site is served over TLS -- confirm /admin is HTTPS-only.
 *
 * @return void
 */
protected function _initAdminArea()
{
    // Adapter options: Digest only, realm "administration", protection space
    // /admin, server nonces accepted for 3600 seconds.
    $adapterOptions = array(
        'accept_schemes' => 'digest',
        'realm'          => 'administration',
        'digest_domains' => '/admin',
        'nonce_timeout'  => 3600,
    );
    $httpAdapter = new Zend_Auth_Adapter_Http($adapterOptions);

    // Credentials are looked up in a flat file kept next to the application directory.
    $credentialFile = APPLICATION_PATH . '/../data/admins.txt';
    $httpAdapter->setDigestResolver(
        new Zend_Auth_Adapter_Http_Resolver_File($credentialFile)
    );

    // Non-persistent storage: the identity is not kept in the session, so the
    // client has to present credentials on each request.
    Zend_Auth::getInstance()->setStorage(new Zend_Auth_Storage_NonPersistent());

    // Resolve the plugin class name through the plugin loader, then register
    // an instance that carries the configured adapter.
    $pluginLoader = new Zend_Loader_PluginLoader(
        array('Application_Plugin' => APPLICATION_PATH . '/plugins'),
        'auth'
    );
    $pluginClass = $pluginLoader->load('AdminAuth');
    $adminPlugin = new $pluginClass($httpAdapter);

    Zend_Controller_Front::getInstance()->registerPlugin($adminPlugin);
}
次に、AdminAuth.php プラグインを使って、すべてのリクエストでユーザーにログインを要求します。
require_once 'Zend/Auth.php';
require_once 'Zend/Controller/Plugin/Abstract.php';
require_once 'Zend/Auth/Adapter/Interface.php';
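/**
 * Front-controller plugin that demands valid HTTP credentials before any
 * controller action is dispatched.
 */
class Application_Plugin_AdminAuth extends Zend_Controller_Plugin_Abstract
{
    /**
     * The HTTP Auth adapter
     *
     * @var Zend_Auth_Adapter_Interface
     */
    protected $adapter;

    /**
     * Constructor
     *
     * The type hint is the generic adapter interface, but dispatchLoopStartup()
     * calls setRequest()/setResponse(), so in practice an HTTP adapter
     * (Zend_Auth_Adapter_Http) is expected.
     *
     * @param Zend_Auth_Adapter_Interface $adapter
     */
    public function __construct(Zend_Auth_Adapter_Interface $adapter)
    {
        $this->adapter = $adapter;
    }

    /**
     * Dispatch Loop Startup hook
     *
     * Called before Zend_Controller_Front enters its dispatch loop. This uses
     * the authentication adapter to check if the user submitted valid login
     * credentials. If not, the challenge response prepared by the adapter is
     * sent and processing stops, so the requested action is never dispatched.
     *
     * The previous version only echoed a message on failure and then let the
     * dispatch loop continue, which means the protected action still ran for
     * unauthenticated clients (fail-open).
     *
     * NOTE(review): the adapter takes the credentials from the request's
     * Authorization header. Some CGI/FastCGI setups do not forward that
     * header to PHP, in which case every attempt fails even with correct
     * credentials -- confirm the header reaches $_SERVER on this host.
     *
     * @param Zend_Controller_Request_Abstract $request
     * @return void
     */
    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
    {
        $response = $this->getResponse();

        $this->adapter->setRequest($request);
        $this->adapter->setResponse($response);

        $result = $this->adapter->authenticate();
        if ($result->isValid()) {
            return;
        }

        // Fail closed. The adapter has already placed the 401 status and the
        // WWW-Authenticate challenge on the response object; send it and stop
        // before the dispatcher can reach the requested controller.
        // Failure details (Zend_Auth_Result::getMessages()) belong in a
        // server-side log, not in the body returned to the client.
        $response->setBody('auth failure');
        $response->sendResponse();
        exit;
    }
}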
ここまでは正常に動作しているようですが、認証は常に失敗します。クライアント側とサーバー側のMD5ハッシュは何度も確認しており、どちらも正しいものです。admins.txt の内容は次のようなものです:
peter:administration:1f7758428f7646706dbdcfe8d754427a
ダイジェスト認証をベーシック認証に変更し、MD5ハッシュを平文(プレーンテキスト)に置き換えることも試しましたが、それでも認証は失敗します。
コンソールで次のコマンドを実行すると:
curl --digest -u peter:password http://sub.domain.com/admin -v
次のような出力が得られます。
* About to connect() to sub.domain.com port 80 (#0)
* Trying 83.96.149.65... connected
* Connected to sub.domain.com (83.96.149.65) port 80 (#0)
* Server auth using Digest with user 'peter'
> GET /admin HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: sub.domain.com
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
< Date: Mon, 25 Jul 2011 14:04:38 GMT
< Server: Apache/2.2.19 (Unix)
< X-Powered-By: PHP/5.2.17
< Www-Authenticate: Digest realm="administration", domain="/admin", nonce="3f624929a274a868c0fc0188a3c49c8e", opaque="d75db7b160fe72d1346d2bd1f67bfd10", algorithm="MD5", qop="auth"
< X-Powered-By: PleskLin
< Content-Length: 1630
< Connection: close
< Content-Type: text/html
<
* Closing connection #0
* Issue another request to this URL: 'http://sub.domain.com/admin'
* About to connect() to sub.domain.com port 80 (#0)
* Trying 83.96.149.65... connected
* Connected to sub.domain.com (83.96.149.65) port 80 (#0)
* Server auth using Digest with user 'peter'
> GET /admin HTTP/1.1
> Authorization: Digest username="peter", realm="administration", nonce="3f624929a274a868c0fc0188a3c49c8e", uri="/admin", cnonce="MDA5ODU4", nc=00000001, qop="auth", response="28a907e1fe4b537264695bd456512f65", opaque="d75db7b160fe72d1346d2bd1f67bfd10", algorithm="MD5"
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: sub.domain.com
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
< Date: Mon, 25 Jul 2011 14:04:38 GMT
< Server: Apache/2.2.19 (Unix)
< X-Powered-By: PHP/5.2.17
* Authentication problem. Ignoring this.
< Www-Authenticate: Digest realm="administration", domain="/admin", nonce="3f624929a274a868c0fc0188a3c49c8e", opaque="d75db7b160fe72d1346d2bd1f67bfd10", algorithm="MD5", qop="auth"
< X-Powered-By: PleskLin
< Content-Length: 1630
< Connection: close
< Content-Type: text/html
<
auth failure
特に「Authentication problem. Ignoring this.」という行に注目してください。
何が問題なのか、心当たりのある方はいますか?指定したユーザー資格情報が正しいことは100%確信しています(大文字・小文字なども確認しました)。