播放:如果动作代码没有被执行,如何防止主体解析器被调用
Play: How to prevent the body parser from being invoked in case the action code does not get executed
我创建了一个自定义 Action 来防止未经授权的用户访问受保护的功能:
class SecureAction extends ActionBuilder[SecureRequest] {
def invokeBlock[A](request: Request[A], block: SecureRequest[A] => Future[Result]) = {
...
future.flatMap {
case token if (!isAuthorized(token)) =>
Logger.info(s"request ${request.path} not authorized: user ${token.username} does not have required privileges")
Future.successful(Unauthorized(error(requestNotAuthorized))))
case ...
}
}
}
如果当前用户未被授权,则SecureAction returns Unauthorized 并且永远不会执行提供的操作代码。下面是我的 Controller 的样子:
object MyController extends Controller {
...
def saveFile = SecureAction.async(fsBodyParser) { implicit request =>
// code here not executed if current user has not required privileges
...
}
}
问题是,即使当前用户未被授权并且 SecureAction returns Unauthorized 没有执行操作代码,主体解析器仍然会被调用...这不是我所期待的。
也就是说,问题是:在 SecureAction returns Unauthorized 的情况下,如何防止调用主体解析器(即 fsBodyParser)?
看看 EssentialAction (https://www.playframework.com/documentation/2.2.x/api/scala/index.html#play.api.mvc.EssentialAction)
如您所见,这是 EssentialAction 的定义:
trait EssentialAction extends (RequestHeader) ⇒ Iteratee[Array[Byte], SimpleResult] with Handler
所以,如果你想在请求头级别进行操作,首选EssentialActions。与 Action/ActionBuilders 不同,它们不需要与 BodyParsers 交互。
值得一提的是@marius-soutier 的精彩 post:http://mariussoutier.com/blog/2013/09/17/playframework-2-2-action-building-action-composition/
我创建了一个自定义 Action 来防止未经授权的用户访问受保护的功能:
class SecureAction extends ActionBuilder[SecureRequest] {
def invokeBlock[A](request: Request[A], block: SecureRequest[A] => Future[Result]) = {
...
future.flatMap {
case token if (!isAuthorized(token)) =>
Logger.info(s"request ${request.path} not authorized: user ${token.username} does not have required privileges")
Future.successful(Unauthorized(error(requestNotAuthorized))))
case ...
}
}
}
如果当前用户未被授权,则SecureAction returns Unauthorized 并且永远不会执行提供的操作代码。下面是我的 Controller 的样子:
object MyController extends Controller {
...
def saveFile = SecureAction.async(fsBodyParser) { implicit request =>
// code here not executed if current user has not required privileges
...
}
}
问题是,即使当前用户未被授权并且 SecureAction returns Unauthorized 没有执行操作代码,主体解析器仍然会被调用...这不是我所期待的。
也就是说,问题是:在 SecureAction returns Unauthorized 的情况下,如何防止调用主体解析器(即 fsBodyParser)?
看看 EssentialAction (https://www.playframework.com/documentation/2.2.x/api/scala/index.html#play.api.mvc.EssentialAction)
如您所见,这是 EssentialAction 的定义:
trait EssentialAction extends (RequestHeader) ⇒ Iteratee[Array[Byte], SimpleResult] with Handler
所以,如果你想在请求头级别进行操作,首选EssentialActions。与 Action/ActionBuilders 不同,它们不需要与 BodyParsers 交互。
值得一提的是@marius-soutier 的精彩 post:http://mariussoutier.com/blog/2013/09/17/playframework-2-2-action-building-action-composition/