我已经编写了一个类似于docs中所述的自定义主体解析器,并编写了一个安全类型ActionRefiner,它可以转换为我的UserRequest或返回错误:
button {
display: none;
}
.row:hover button {
display: block;
}
用法:
val userRefiner = new ActionRefiner[Request, UserRequest] {
override protected def refine[A](request: Request[A]) = ???
override protected def executionContext = ???
}
def roleFilter(role: Role) = new ActionFilter[UserRequest] {
override protected def filter[A](request: UserRequest[A]) = ???
override protected def executionContext = ???
}
def UserAction(role: Role): ActionBuilder[UserRequest, AnyContent] = {
deps.cc.actionBuilder.andThen(userRefiner).andThen(roleFilter(role))
}
我遇到的问题是主体解析器在ActionRefiner之前执行,因此我在拒绝之前实质上是在处理请求。
处理此问题的正确方法是什么?我想要某种仅使用HTTP标头而不使用主体的ActionTransformer
答案 0 :(得分:0)
请考虑定义一个单独的身份验证操作,该操作将使用BodyParsers.utils.ignore忽略主体,然后将其与应该在身份验证后执行的其他操作组合在一起。也许像这样
class Auth @Inject()(val parser: BodyParser[AnyContent] = BodyParsers.utils.ignore(AnyContentAsEmpty: AnyContent))(implicit val executionContext: ExecutionContext)
extends ActionBuilder[Request, AnyContent]
with ActionFilter[Request] {
def filter[A](request: Request[A]) = Future.successful {
if (/* check request.headers */)
Some(Forbidden)
else
None
}
}
val userAction = DefaultActionBuilder(controllerComponents.parsers.anyContent) andThen (new Auth(BodyParsers.utils.ignore(AnyContentAsEmpty: AnyContent))) andThen ...
def someRoute = userAction { implicit request => ... }