While implementing a "remember me" feature in a Scala Play application, we ran into the following situation: a user who is logged in through an existing cookie tries to access a sensitive operation, for example something around payment methods. To avoid the potential risk of a thief stealing the cookie and wanting to do exactly that, we have a "SUDO" role, or rather a restriction, and the code looks like this:
```java
@Restrict(@Group(Application.USER_ROLE))
public Result restrictedForbidCookie() {
    final User localUser = this.userProvider.getUser(session());
    // Session was established from the remember-me cookie: demand a fresh password first
    if (auth.isAuthorizedWithCookie(ctx())) {
        ctx().flash().put("error", "Please type password again to access requested page");
        return redirect(this.auth.getResolver().relogin());
    }
    return ok(restrictedForbidCookie.render(this.userProvider, localUser));
}
```
I would love to replace this with:
```java
@Restrict(@Precheck(Application.USER_ROLE && Application.SUDO_CHECK))
public Result restrictedForbidCookie() {
    final User localUser = this.userProvider.getUser(session());
    return ok(restrictedForbidCookie.render(this.userProvider, localUser));
}
```
where "Precheck" is a reusable annotation class for the "forbid-cookie sudo check" code, which does the boilerplate work of:
```java
if (auth.isAuthorizedWithCookie(ctx())) {
    ctx().flash().put("error", "Please type password again to access requested page");
    return redirect(this.auth.getResolver().relogin());
}
```
What is the best way to cover this use case with Deadbolt2?
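One way to express the sudo check as a reusable Deadbolt2 constraint, added here as an example and not code from the question or from the Deadbolt2 project: a `DynamicResourceHandler` that refuses the rule named `sudo` whenever the session was established from a remember-me cookie, and a `DeadboltHandler` whose `onAuthFailure` turns that refusal into the flash message and redirect, so the controller only carries annotations. The `CookieAuthChecker` interface, the `relogin` route and the `subjectLookup` function are assumptions standing in for the question's `auth.isAuthorizedWithCookie(ctx())`, `auth.getResolver().relogin()` and `userProvider.getUser(session())`; the Deadbolt2 method signatures are those of the 2.5/2.6 Java API.

```java
import be.objectify.deadbolt.java.DeadboltHandler;
import be.objectify.deadbolt.java.DynamicResourceHandler;
import be.objectify.deadbolt.java.actions.Dynamic;
import be.objectify.deadbolt.java.actions.Group;
import be.objectify.deadbolt.java.actions.Restrict;
import be.objectify.deadbolt.java.models.Subject;
import play.mvc.Call;
import play.mvc.Controller;
import play.mvc.Http;
import play.mvc.Result;
import play.mvc.Results;

import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Function;

/** Hypothetical stand-in for the question's auth.isAuthorizedWithCookie(ctx()). */
interface CookieAuthChecker {
    boolean isAuthorizedWithCookie(Http.Context ctx);
}

/** Rule "sudo" passes only when the session was NOT created from a remember-me cookie. */
class SudoResourceHandler implements DynamicResourceHandler {
    public static final String SUDO = "sudo";
    private final CookieAuthChecker auth;

    SudoResourceHandler(CookieAuthChecker auth) { this.auth = auth; }

    @Override
    public CompletionStage<Boolean> isAllowed(String name, Optional<String> meta,
                                              DeadboltHandler handler, Http.Context ctx) {
        if (!SUDO.equals(name)) {
            return CompletableFuture.completedFuture(false); // unknown rule name: deny by default
        }
        // The decision uses only the server's own knowledge of how the session was established.
        return CompletableFuture.completedFuture(!auth.isAuthorizedWithCookie(ctx));
    }

    @Override
    public CompletionStage<Boolean> checkPermission(String permissionValue, Optional<String> meta,
                                                    DeadboltHandler handler, Http.Context ctx) {
        return CompletableFuture.completedFuture(false); // @Pattern(CUSTOM) is not used here
    }
}

/** DeadboltHandler that maps a failed "sudo" rule to the relogin redirect from the question. */
class SudoAwareDeadboltHandler implements DeadboltHandler {
    private final SudoResourceHandler sudo;
    private final Call relogin;                                   // assumption: relogin route
    private final Function<Http.Context, Optional<Subject>> subjectLookup; // assumption: user lookup

    SudoAwareDeadboltHandler(CookieAuthChecker auth, Call relogin,
                             Function<Http.Context, Optional<Subject>> subjectLookup) {
        this.sudo = new SudoResourceHandler(auth);
        this.relogin = relogin;
        this.subjectLookup = subjectLookup;
    }

    @Override
    public CompletionStage<Optional<Result>> beforeAuthCheck(Http.Context ctx) {
        return CompletableFuture.completedFuture(Optional.empty());
    }

    @Override
    public CompletionStage<Optional<? extends Subject>> getSubject(Http.Context ctx) {
        return CompletableFuture.<Optional<? extends Subject>>completedFuture(subjectLookup.apply(ctx));
    }

    @Override
    public CompletionStage<Optional<DynamicResourceHandler>> getDynamicResourceHandler(Http.Context ctx) {
        return CompletableFuture.completedFuture(Optional.<DynamicResourceHandler>of(sudo));
    }

    @Override
    public CompletionStage<Result> onAuthFailure(Http.Context ctx, Optional<String> content) {
        // 'content' carries the annotation's content attribute, so the sudo failure is distinguishable
        if (content.isPresent() && SudoResourceHandler.SUDO.equals(content.get())) {
            ctx.flash().put("error", "Please type password again to access requested page");
            return CompletableFuture.completedFuture(Results.redirect(relogin));
        }
        return CompletableFuture.completedFuture(Results.forbidden()); // any other constraint failure
    }
}

/** Controller: both annotations must pass; the method body no longer repeats the cookie check. */
class SudoExampleController extends Controller {
    public static final String USER_ROLE = "user"; // assumption: the question's Application.USER_ROLE

    @Restrict(@Group(USER_ROLE))
    @Dynamic(value = SudoResourceHandler.SUDO, content = SudoResourceHandler.SUDO)
    public Result restrictedForbidCookie() {
        return ok("sensitive page rendered for a freshly authenticated user");
    }
}
```

The handler has to be registered in the application's `HandlerCache` (or bound as the default handler) the same way the existing Deadbolt handler is, and the `CookieAuthChecker` must answer from server-side state recorded at password login, never from anything the client can set, otherwise the remember-me session could simply claim to be fresh. Setting `content` on `@Dynamic` is what lets `onAuthFailure` redirect to relogin for the sudo case while still returning a plain 403 when the group check fails.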