我在一个简单的CakePHP 2.0应用程序中设置了基本身份验证.我首先将应用程序设置为使用常规表单身份验证,然后将以下行添加到AppController.php的beforeFilter()中以启用基本的HTTP身份验证：

$this-> Auth-> authenticate = array(‘Basic’);

这是完整的AppController：

<?php
class AppController extends Controller {

    public $components = array(
            "Session",
            "Auth" => array(
                'loginRedirect' => array('controller'=>'users','action'=>'index'),
                'logoutRedirect' => array('controller'=>'users','action'=>'index'),
                'authError' => "You are not authorized to view this page.",
                'authorize' => array('Controller'),
        )
    );

    public function isAuthorized($user) {
        return true;
    }

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('index','view');
        $this->set('logged_in', $this->Auth->loggedIn());
        $this->set('current_user',$this->Auth->user());
        $this->Auth->authenticate = array('Basic');
    }
}
?>

理想情况下,我希望整个应用程序中只有一个特定的控制器(将公开用于移动设备的API的控制器)仅使用基本HTTP身份验证,其余的控制器则表现得像普通的Web应用程序.

当前,如果我将不正确的凭据传递给控制器​​,则在我真的希望将HTTP 401传递回时,会收到HTTP 302响应.我怎样才能做到这一点？

*为错字编辑

解决方法:

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('index','view');
    $this->set('logged_in', $this->Auth->loggedIn());
    $this->set('current_user',$this->Auth->user());
    if($this->name == 'Specific') {
            // for the specific controller
            $this->Auth->authenticate = array('Basic');
    } else {
            // everything else
    }
}

结帐KVZ的rest插件可能会很有趣
https://github.com/kvz/cakephp-rest-plugin