scala - Silhouette authorization using request data

Question

I use Silhouette and Play 2.4 and I'd like to restrict actions if a SecuredRequest body contains something wrong.

I know, I should use trait Authorization as described by official docs.

I'm trying to do the following:

case class WithCheck(checkCriteria: String) extends Authorization[User, CookieAuthenticator] {
  def isAuthorized[B](user: User, authenticator: CookieAuthenticator)(implicit request: Request[B], messages: Messages) = {

    Future.successful(user.criteria == checkCriteria)
  }
}

and than

def myAction = SecuredAction(WithCheck("bar")) { implicit request =>
  val foo = ...// deserialize object from request.body
  val checkCriteria = foo.criteria 
  // do something else here
}

How can I use the checkCriteria value in the class WithCheck?

score 0 · Accepted Answer

I found a solution.

Somehow, I was blind to see that isAuthorized has the same request as an implicit parameter. So, the check could be done entirely into the isAuthorized. For example,

case class WithCheck() extends Authorization[User, CookieAuthenticator] {
  def isAuthorized[B](user: User, authenticator: CookieAuthenticator)(implicit request: Request[B], messages: Messages) = {
    val foo = upickle.read[Foo](request.body.toString())
    Future.successful(user.criteria == foo.criteria)
  }
}

scala - Silhouette authorization using request data

1 回答 1

Related

Reference