How to secure APIs in Scala

In Java this is done with `@Security.Authenticated(Secured.class)`, implementing the `getUsername` and `onUnauthorized` methods in the `Secured.java` file, and then using that class. But how do I do the same thing in Scala?
I have done this in a Play Framework project using a `Secured` trait:
```scala
package controllers

import play.api.mvc._

trait Secured {

  /**
   * Retrieve the connected user login.
   */
  private def username(request: RequestHeader) = request.session.get("login")

  /**
   * Redirect to login if the user is not authorized.
   */
  private def onUnauthorized(request: RequestHeader) = Results.Redirect(routes.Application.login)

  /**
   * Action for authenticated users.
   */
  def IsAuthenticated(f: => String => Request[AnyContent] => Result) = Security.Authenticated(username, onUnauthorized) {
    user =>
      Action(request => f(user)(request))
  }
}
```
The `Application` referenced above is the authentication controller:
```scala
package controllers

import play.api.mvc._
import play.api.data._
import play.api.data.Forms._
import models._
import views._

object Application extends Controller {

  val loginForm = Form(
    tuple(
      "login" -> text,
      "password" -> text
    ) verifying("Invalid user or password", result => result match {
      case (login, password) => User.authenticate(login, password).isDefined
    })
  )

  /**
   * Login page.
   */
  def login = Action { implicit request =>
    Ok(html.login(loginForm))
  }

  /**
   * Handle login form submission.
   */
  def authenticate = Action { implicit request =>
    loginForm.bindFromRequest.fold(
      formWithErrors => BadRequest(html.login(formWithErrors)),
      user => Redirect(routes.Home.index()).withSession("login" -> user._1)
    )
  }

  /**
   * Logout and clean the session.
   */
  def logout = Action {
    Redirect(routes.Home.index()).withNewSession.flashing(
      "success" -> "You've been logged out"
    )
  }
}
```
Then an example of a secured page controller:
```scala
package controllers

import play.api.mvc._
import models._
import views._
import play.api.Logger

object MyPage extends Controller with Secured {

  def index() = IsAuthenticated { username => implicit request =>
    Ok(
      html.mypage(
        User.findByUsername(username)
      )
    )
  }
}
```
`User` is a case class that simply loads data from the DB using anorm. Finally, the relevant part of `routes`:
```
# Authentication
GET     /login      controllers.Application.login()
POST    /login      controllers.Application.authenticate()
GET     /logout     controllers.Application.logout()

# MyPage
GET     /mypage     controllers.MyPage.index()
```
There are also two HTML templates, `login.scala.html` and `mypage.scala.html`, which I do not show here.
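The `Secured` trait above always answers an unauthenticated request with a redirect to the login page, which is right for browser pages but wrong for the JSON API the question asks about: an API client would follow the redirect and receive an HTML login form with a 200 status. The following variant is an added example (not part of the answer above or of Play's own code): it keeps the same `Security.Authenticated` composition but returns `401 Unauthorized` with a JSON body when the request looks like an API call. It assumes Play 2.1 or later for `Json.obj` and `RequestHeader.accepts`, and the `/api` path prefix and `Api` controller are assumptions for illustration.

```scala
package controllers

import play.api.mvc._
import play.api.libs.json.Json

// Added example: a Secured variant that distinguishes API clients from
// browsers when the session carries no login.
trait Secured {

  /**
   * Retrieve the connected user login from the signed session cookie.
   * Play signs the session with the application secret, so a client
   * cannot forge a "login" entry without that secret.
   */
  private def username(request: RequestHeader): Option[String] =
    request.session.get("login")

  /**
   * Treat a request as an API call when the client prefers JSON or the
   * path lives under the (assumed) /api prefix.
   */
  private def isApiRequest(request: RequestHeader): Boolean =
    request.accepts("application/json") || request.path.startsWith("/api")

  /**
   * API clients get a 401 with a JSON body; browsers are redirected to
   * the login page as in the original answer.
   */
  private def onUnauthorized(request: RequestHeader): Result =
    if (isApiRequest(request))
      Results.Unauthorized(Json.obj("error" -> "authentication required"))
    else
      Results.Redirect(routes.Application.login())

  /**
   * Action for authenticated users; f receives the login and the request.
   */
  def IsAuthenticated(f: => String => Request[AnyContent] => Result) =
    Security.Authenticated(username, onUnauthorized) { user =>
      Action(request => f(user)(request))
    }
}

// Assumed API controller showing the trait in use: GET /api/me returns
// the caller's login as JSON, or 401 when there is no valid session.
object Api extends Controller with Secured {

  def me = IsAuthenticated { username => implicit request =>
    Ok(Json.obj("user" -> username))
  }
}
```

With a matching `GET /api/me controllers.Api.me()` line in `routes`, a request without a session cookie gets a 401 and a JSON error instead of a 303 to `/login`, which is what an API client can act on. The logout action in the answer (`withNewSession`) still works unchanged: it drops the whole signed session cookie, so a subsequent API call fails the `username` lookup and hits `onUnauthorized`.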