本文介绍了有没有办法有条件地应用注释?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在我的 java-play 应用程序中,我的控制器中有注释 @RequiresAuthentication(clientName = "CasClient").

In my java-play application I have the annotation @RequiresAuthentication(clientName = "CasClient") inside my controller.

我只想在我的生产环境中对用户进行身份验证.

I only want to authenticate users in my production environment.

如何有条件地应用注释?

How can I apply annotations conditionally?

如果我处理身份验证的方式是错误的,那么仅在 java play 应用程序的生产中进行 CAS 身份验证的传统方法是什么?

If the way I'm approaching authentication is wrong, what is the conventional way of doing CAS authentication only on production in a java play application?

推荐答案

您可以实施身份验证器来对用户进行身份验证.您可以在身份验证器实现中编写身份验证逻辑.

You could implement authenticators to authenticate users. you could you write your authentication logic in your authenticator implementation.

Play 已经带有内置的 authenticator 操作,我们将对其进行扩展以添加我们的逻辑.我们将此身份验证器称为安全.

Play already comes with a built in authenticator action, which we will extend to add our logic. We will call this authenticator Secured.

import play.*;
import play.mvc.*;
import play.mvc.Http.*;

import models.*;

public class Secured extends Security.Authenticator {

    @Override
    public String getUsername(Context ctx) {
        return ctx.session().get("email");
    }

    @Override
    public Result onUnauthorized(Context ctx) {
        return redirect(routes.Application.login());
    }
}

我们在这里实现了两种方法.getUsername 用于获取当前登录用户的用户名.在我们的例子中,这是 email 地址,我们在用户登录时在会话的 email 属性中设置.如果此方法返回一个值,则身份验证器认为用户已登录,并让请求继续.然而,如果该方法返回 null,则身份验证器将阻止该请求,而是调用 onUnathorized,我们已实现它以重定向到我们的登录屏幕.您可以为用户验证用户实现自己的业务逻辑.

We have implemented two methods here. getUsername is used to get the username of the current logged in user. In our case this is the email address, that we set in the email attribute in the session when the user logged in. If this method returns a value, then the authenticator considers the user to be logged in, and lets the request proceed. If however the method returns null, then the authenticator will block the request, and instead invoke onUnathorized, which we have implemented to redirect to our login screen.You could implement your own business logic for user verify user.

现在让我们使用这个验证器.在 Application.java 中,将带有我们的身份验证器的 @Security.Authenticated 注释添加到 index 方法:

Now let’s use this authenticator. In Application.java, add the @Security.Authenticated annotation with our authenticator to the index method:

import play.mvc.Controller;
import play.mvc.Result;

public class Application extends Controller {

     @Security.Authenticated(Secured.class)
      public static Result index() {
        return ok(index.render(
         Project.findInvolving(request().username()),
           Task.findTodoInvolving(request().username()),
            User.find.byId(request().username())
         ));
     }
}

Refs:Play 实现身份验证器示例

这篇关于有没有办法有条件地应用注释?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

05-18 20:54