使用请求数据的剪影授权
Silhouette authorization using request data
我使用 Silhouette 和 Play 2.4,如果 SecuredRequest 正文有问题,我想限制操作.
我知道,我应该使用 official docs 描述的特征 Authorization。
我正在尝试执行以下操作:
case class WithCheck(checkCriteria: String) extends Authorization[User, CookieAuthenticator] {
def isAuthorized[B](user: User, authenticator: CookieAuthenticator)(implicit request: Request[B], messages: Messages) = {
Future.successful(user.criteria == checkCriteria)
}
}
比
def myAction = SecuredAction(WithCheck("bar")) { implicit request =>
val foo = ...// deserialize object from request.body
val checkCriteria = foo.criteria
// do something else here
}
如何在 class WithCheck 中使用 checkCriteria 值?
我找到了解决办法。
不知怎的,我瞎了眼看到isAuthorized和隐式参数一样有request。因此,检查可以完全在 isAuthorized 中完成。例如,
case class WithCheck() extends Authorization[User, CookieAuthenticator] {
def isAuthorized[B](user: User, authenticator: CookieAuthenticator)(implicit request: Request[B], messages: Messages) = {
val foo = upickle.read[Foo](request.body.toString())
Future.successful(user.criteria == foo.criteria)
}
}
我使用 Silhouette 和 Play 2.4,如果 SecuredRequest 正文有问题,我想限制操作.
我知道,我应该使用 official docs 描述的特征 Authorization。
我正在尝试执行以下操作:
case class WithCheck(checkCriteria: String) extends Authorization[User, CookieAuthenticator] {
def isAuthorized[B](user: User, authenticator: CookieAuthenticator)(implicit request: Request[B], messages: Messages) = {
Future.successful(user.criteria == checkCriteria)
}
}
比
def myAction = SecuredAction(WithCheck("bar")) { implicit request =>
val foo = ...// deserialize object from request.body
val checkCriteria = foo.criteria
// do something else here
}
如何在 class WithCheck 中使用 checkCriteria 值?
我找到了解决办法。
不知怎的,我瞎了眼看到isAuthorized和隐式参数一样有request。因此,检查可以完全在 isAuthorized 中完成。例如,
case class WithCheck() extends Authorization[User, CookieAuthenticator] {
def isAuthorized[B](user: User, authenticator: CookieAuthenticator)(implicit request: Request[B], messages: Messages) = {
val foo = upickle.read[Foo](request.body.toString())
Future.successful(user.criteria == foo.criteria)
}
}