Question

我正在跨所有请求实施全局过滤器，以识别发出请求的用户是否经过身份验证，如果没有将其发送到登录屏幕。

我的Global对象扩展了使用身份验证过滤器的WithFilters类：

object Global extends WithFilters(AuthenticationFilter()) { }

我的身份验证过滤器：

class AuthenticationFilter  extends Filter {
  def apply(next: (RequestHeader) => Future[Result])(request: RequestHeader): Future[Result] = {
    println("this is the request that will be filtered: " + request)
    if (!authenticated) 
      // How do i send the request to the login Action?
    else 
      next(request)
  }
}

object AuthenticationFilter {
  def apply(actionNames: String*) = new AuthenticationFilter()
}

我的问题是如何将未经身份验证的用户发送到登录操作/路线？

Answer 1

为安全路线创建特征。在未经身份验证的请求进入重定向时，在该特征中：

trait Secured {

/**    
 * Retrieve the connected user name from the request header.  
 */   
private def username(request: RequestHeader) = request.session.get("username")

/**    
 * Redirect to login if the user in not authorized.    
 */
private def onUnauthorized(request: RequestHeader) = Results.Redirect(routes.Application.login)


/**    
 * Action for authenticated users.    
 */   
def IsAuthenticated(f: => String => Request[AnyContent] => Result) = Security.Authenticated(username, onUnauthorized) { user =>
  Action(request => f(user)(request))   
}


}

现在定义您想要保护的任何控制器以扩展该特征，并且将发送未经身份验证的请求：

object Index extends Controller with Secured

将未经身份验证的请求发送到不同的操作路由

1 个答案: