I am creating a REST-API and currently have Basic Auth defined as authentication.
Symfony firewall config:
secured_area:
    pattern: ^/
    anonymous: false
    http_basic:
        realm: "Secured Basic Auth Area"
This leads to the correct behaviour: if I do an unauthenticated request, I get the correct header:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Secured Basic Auth Area"
...
But the problem is now that if I do a request via the browser, I always get the Basic Auth popup being shown. To prevent this I thought I could use the unauthorized_challenge config of the FOSRestBundle to change to a custom authenticate challenge. Though it does not change the returned header.
Config for rest bundle:
fos_rest:
    unauthorized_challenge: "xxxBasic realm=\"Foo Area\""
    access_denied_listener:
        json: true
FOSRestBundle version is 1.4.2, Symfony version is 2.3.18.
Any idea what could be the problem that the FOSRestBundle setting is ignored?
Got it solved, the problem was:
I had a kernel.request listener which was throwing an AuthenticationException; this seemed to lead to the problem that further propagation of the event failed and the RestBundle listener was not properly called.
For completeness, after that got fixed I encountered another problem that the response always contained the Exception as HTML output. To solve this I also had to configure the FOSRestBundle exception controller in the Twig config.
My app/config.yml looks now like this (for the appropriate parts):
twig:
    debug: "%kernel.debug%"
    strict_variables: "%kernel.debug%"
    # Handle exceptions via the FOSRestBundle
    exception_controller: 'FOS\RestBundle\Controller\ExceptionController::showAction'
fos_rest:
    unauthorized_challenge: "xxxBasic realm=\"Foo Area\""
    access_denied_listener:
        json: true
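
A regression check for the behaviour discussed above, as an added example that is not part of the original post: it parses the WWW-Authenticate value of a 401 response and reports whether any challenge uses a scheme for which browsers open their built-in login dialog. The function names and the scheme list (Basic, Digest) are assumptions made for this example.

```javascript
// Added example: names and the scheme list below are assumptions.
// Schemes for which browsers open their built-in credential dialog.
const NATIVE_PROMPT_SCHEMES = new Set(["basic", "digest"]);
const TOKEN = "[!#$%&'*+.^_`|~0-9A-Za-z-]+";
const AUTH_PARAM = new RegExp("^" + TOKEN + "\\s*=");    // e.g. realm="..."
const SCHEME = new RegExp("^(" + TOKEN + ")(?:\\s|$)");  // e.g. Basic ...

// Split on commas that are not inside a quoted-string.
function splitOutsideQuotes(value) {
  const parts = [];
  let current = "";
  let inQuotes = false;
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (inQuotes && ch === "\\" && i + 1 < value.length) {
      current += ch + value[++i];          // keep an escaped character as-is
    } else if (ch === "," && !inQuotes) {
      parts.push(current.trim());
      current = "";
    } else {
      if (ch === '"') inQuotes = !inQuotes;
      current += ch;
    }
  }
  parts.push(current.trim());
  return parts.filter((p) => p.length > 0);
}

// Return the lower-cased auth scheme of every challenge in the header.
function challengeSchemes(headerValue) {
  const schemes = [];
  for (const part of splitOutsideQuotes(headerValue)) {
    if (AUTH_PARAM.test(part)) continue;   // parameter of the previous challenge
    const match = SCHEME.exec(part);
    if (match) schemes.push(match[1].toLowerCase());
  }
  return schemes;
}

function triggersNativePrompt(headerValue) {
  return challengeSchemes(headerValue).some((s) => NATIVE_PROMPT_SCHEMES.has(s));
}

// Header values built from the two configs on this page.
console.log(triggersNativePrompt('Basic realm="Secured Basic Auth Area"'));
console.log(triggersNativePrompt('xxxBasic realm="Foo Area"'));
```

Running this against the header of a real unauthenticated response shows whether the FOSRestBundle challenge or the firewall's default Basic challenge is the one that reached the client.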