Intercepting requests

最新推荐文章于 2022-12-28 17:10:43 发布
转载 最新推荐文章于 2022-12-28 17:10:43 发布 · 489 阅读 · 0

本文详细介绍了如何在Play框架中利用过滤器拦截请求,实现跨切面关注点的处理,包括创建自定义过滤器、集成过滤器到全局对象以及在特定操作前验证权限等应用实例。通过深入探讨请求头标签提供的信息,以及如何在请求处理前执行业务逻辑,为开发者提供了一套灵活且高效的请求拦截与授权机制。

Intercepting requests

Using Filters

The filter component allows you to intercept requests coming to the application, transform request and responses. Filters provide a nice ability to implement cross-cutting concerns of your application. You can create a filter by extending the Filter trait and then add the filter to Global object. The following example creates an access log filter that logs the result of all the actions:

import play.api.Logger
import play.api.mvc._

object AccessLoggingFilter extends Filter {
  def apply(next: (RequestHeader) => Future[Result])(request: RequestHeader): Future[Result] = {
    val result = next(request)
    Logger.info(request + "\n\t => " + result)
    result
  }
}

object Global extends WithFilters(AccessLoggingFilter)

The Global object extends the WithFilters class that allows you to pass one more filters to form a filter chain.

Note WithFilters now extends the GlobalSettings trait

Here is another example where filter is very useful, check authorization before invoking certain actions:

object AuthorizedFilter {
  def apply(actionNames: String*) = new AuthorizedFilter(actionNames)
}

class AuthorizedFilter(actionNames: Seq[String]) extends Filter {

  def apply(next: (RequestHeader) => Future[Result])(request: RequestHeader): Future[Result] = {
    if(authorizationRequired(request)) {
      /* do the auth stuff here */
      println("auth required")
      next(request)
    }
    else next(request)
  }

  private def authorizationRequired(request: RequestHeader) = {
    val actionInvoked: String = request.tags.getOrElse(play.api.Routes.ROUTE_ACTION_METHOD, "")
    actionNames.contains(actionInvoked)
  }


}


object Global extends WithFilters(AuthorizedFilter("editProfile", "buy", "sell")) with GlobalSettings {}

Tip RequestHeader.tags provides lots of useful information about the route used to invoke the action.

Overriding onRouteRequest

One another important aspect of the Global object is that it provides a way to intercept requests and execute business logic before a request is dispatched to an Action.

Tip This hook can be also used for hijacking requests, allowing developers to plug-in their own request routing mechanism.

Let’s see how this works in practice:

import play.api._
import play.api.mvc._

// Note: this is in the default package.
object Global extends GlobalSettings {

  override def onRouteRequest(request: RequestHeader): Option[Handler] = {
    println("executed before every request:" + request.toString)
    super.onRouteRequest(request)
  }

}

It’s also possible to intercept a specific Action method, using Action composition .

Next: Testing your application

Manning.Spring.in.Action.4th.Edition.2014.11.epub
06-25
9.3. Intercepting requests 9.3.1. Securing with Spring Expressions 9.3.2. Enforcing channel security 9.3.3. Preventing cross-site request forgery 9.4. Authenticating users 9.4.1. Adding a custom login...
spring-framework-reference4.1.4
12-15
Not Using Commons Logging ................................................................... 12 Using SLF4J ..............................................................................................
Burpsuite【十二模块一次解决】【这都不看?】Filter、Target、Scanner、Proxy、Intruder、Repeater、Sequencer、Decoder、Comparer…
03-22 6185
【一个星期成果】Filter、Target、Scanner、Proxy、Intruder、Repeater、Sequencer、Decoder、Comparer、Extender、Project Options、User options
Hetian lab day 6 burpsuit 实战(实验二)
喵喵喵
07-09 498
文章目录Part 1 MIME上传绕过实例step 1 环境配置Part 4 课后习题 Part 1 MIME上传绕过实例 step 1 环境配置 1、设置代理 2、访问10.1.1.59:81,用户名是admin,密码是password。然后打开burp,在dvwa中访问SQLinjection,截获的数据包如下。 3、单击右键选择send to spider,切换到Spider模块下,bu...
privoxy Invalid header received from client.
热门推荐
friendan的专栏
10-12 1万+
今天使用privoxy代理出现如下错误: Invalid header received from client. 解决方法: 在proxy.exe配置文件config.txt中加入如下配置项即可: accept-intercepted-requests 1 --------------------------- 官方对该参数的解释如下: . accept-inter
拦截请求
weixin_30823227的博客
10-06 340
const puppeteer = require('puppeteer'); puppeteer.launch().then(async browser => { const page = await browser.newPage(); //设置启用拦截 await page.setRequestInterception(true); page.on('requ...
对 requestDisallowInterceptTouchEvent() 方法的理解
韭菜鲜肉大馄饨的专栏
02-16 2902
一、ViewGroup#dispatchTouchEvent() ViewGroup#dispatchTouchEvent() // 处理第一个 down if (actionMasked == MotionEvent.ACTION_DOWN) { // 当开始一个新的触摸手势时,丢弃所有以前的状态 cancelAndClearTouchTargets(ev); // 清除所有接触目...
【Chrome Extension】Chrome插件升级Manifest V3记录
qq_40436793的博客
12-28 4290
banner调试插件升级Manifest V3记录
CDN Glossary
FeelTouch Labs
09-11 1425
What is caching? Caching is the process of storing copies of files in a cache, or temporary storage location, so that they can be accessed more quickly. Technically, a cache is any temporary storage ...
swift 导入_如何将Swift URLRequests导入邮递员
weixin_26638123的博客
07-25 354
swift 导入Postman is a simple tool to create and fire API requests. In this article, I will be sharing how we can capture Swift URLRequests fired from our iOS application and import them into Postman. T...
ctfshow web329
03-14
- Utilize tools like Burp Suite for intercepting requests and analyzing responses. - Test various payloads targeting suspected vulnerable parameters. ```python import requests def test_sql_injection...
ctfshow web24
02-20
- Utilize tools like Burp Suite for intercepting requests/responses during interaction sessions between client browsers and server endpoints. Upon successful exploitation, contestants should be able ...
hack the box Fishy HTTP
03-09
- Utilize tools like Burp Suite Professional Edition for intercepting requests/responses between client browsers and target servers while modifying them accordingly before forwarding back again. ...
用Python设计自主学习系统后端【附万字论文+PPT+包部署+录制讲解视频】.zip
最新发布
09-11
标题基于Python的自主学习系统后端设计与实现AI更换标题第1章引言介绍自主学习系统的研究背景、意义、现状以及本文的研究方法和创新点。1.1研究背景与意义阐述自主学习系统在教育技术领域的重要性和应用价值。1.2国内外研究现状分析国内外在自主学习系统后端技术方面的研究进展。1.3研究方法与创新点概述本文采用Python技术栈的设计方法和系统创新点。第2章相关理论与技术总结自主学习系统后端开发的相关理论和技术基础。2.1自主学习系统理论阐述自主学习系统的定义、特征和理论基础。2.2Python后端技术栈介绍DjangoFlask等Python后端框架及其适用场景。2.3数据库技术讨论关系型和非关系型数据库在系统中的应用方案。第3章系统设计与实现详细介绍自主学习系统后端的设计方案和实现过程。3.1系统架构设计提出基于微服务的系统架构设计方案。3.2核心模块设计详细说明用户管理、学习资源管理、进度跟踪等核心模块设计。3.3关键技术实现阐述个性化推荐算法、学习行为分析等关键技术的实现。第4章系统测试与评估对系统进行功能测试和性能评估。4.1测试环境与方法介绍测试环境配置和采用的测试方法。4.2功能测试结果展示各功能模块的测试结果和问题修复情况。4.3性能评估分析分析系统在高并发等场景下的性能表现。第5章结论与展望总结研究成果并提出未来改进方向。5.1研究结论概括系统设计的主要成果和技术创新。5.2未来展望指出系统局限性并提出后续优化方向。
MIDI简谱播放器1.2程序代码QZQ-2025-9-11.txt
09-11
MIDI简谱播放器1.2程序代码QZQ-2025-9-11.txt
【scratch2.0少儿编程-游戏原型-动画-项目源码】02让角色动一动.zip
09-11
资源说明: 1:本资料仅用作交流学习参考,请切勿用于商业用途。 2:一套精品实用scratch2.0少儿编程游戏、动画源码资源,无论是入门练手还是项目复用都超实用,省去重复开发时间,让开发少走弯路! 更多精品资源请访问 https://blog.youkuaiyun.com/ashyyyy/article/details/146464041
【scratch3.0少儿编程-游戏原型-动画-项目源码】长方形面积.zip
09-11
资源说明: 1:本资料仅用作交流学习参考,请切勿用于商业用途。 2:一套精品实用scratch3.0少儿编程游戏、动画源码资源,无论是入门练手还是项目复用都超实用,省去重复开发时间,让开发少走弯路! 更多精品资源请访问 https://blog.youkuaiyun.com/ashyyyy/article/details/146464041
玩Android小程序V3_0版本全面重构升级项目_专注于提供安卓开发学习资源的微信小程序平台_包含首页Banner展示热门文章推荐热搜排行榜常用网站导航文章搜索功能体系分类浏览公.zip
09-11
玩Android小程序V3_0版本全面重构升级项目_专注于提供安卓开发学习资源的微信小程序平台_包含首页Banner展示热门文章推荐热搜排行榜常用网站导航文章搜索功能体系分类浏览公.zip
【scratch3.0少儿编程-游戏原型-动画-项目源码】海底世界.zip
09-11
资源说明: 1:本资料仅用作交流学习参考,请切勿用于商业用途。 2:一套精品实用scratch3.0少儿编程游戏、动画源码资源,无论是入门练手还是项目复用都超实用,省去重复开发时间,让开发少走弯路! 更多精品资源请访问 https://blog.youkuaiyun.com/ashyyyy/article/details/146464041
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值