forked from t2v/play2-auth
Advanced: Action composition
milo-minderbender edited this page Aug 17, 2012 · 2 revisions
Suppose you want to validate a token in every action in order to defeat a [Cross Site Request Forgery](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)) attack.
Since it is impractical to repeat the validation inside every action, you would usually define a method like this:
```scala
import play.api.mvc._
import play.api.data._
import play.api.data.Forms._
import views._

object Application extends Controller {

  // Other settings are omitted.

  // Binds the "token" field submitted with the request.
  val tokenForm = Form("token" -> text)

  // True only when the request carries a token and it equals the one in the session.
  private def validateToken(request: Request[AnyContent]): Boolean = (for {
    tokenInForm <- tokenForm.bindFromRequest()(request).value
    tokenInSession <- request.session.get("token")
  } yield tokenInForm == tokenInSession).getOrElse(false)

  // Wraps an action body so it runs only after the token check passes.
  private def validAction(f: Request[AnyContent] => Result) = Action { request =>
    if (validateToken(request)) f(request)
    else BadRequest
  }

  def page1 = validAction { request =>
    // do something
    Ok(html.page1("result"))
  }

  def page2 = validAction { request =>
    // do something
    Ok(html.page2("result"))
  }

}
```
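
The `validateToken` method above assumes a `token` value is already in the session and compares it with `==`. The following added example (not code from play2-auth or Play; `CsrfToken`, `generate` and `matches` are hypothetical names) shows one way to issue such a token and to check it with a timing-safe comparison, using plain `Option[String]` values in place of Play's request types:

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64

// Hypothetical helper for illustration; not part of play2-auth or Play.
object CsrfToken {
  private val random = new SecureRandom()

  /** Issue a fresh 256-bit token. The caller stores it in the session under
    * "token" and renders it into a hidden form field of the same name. */
  def generate(): String = {
    val bytes = new Array[Byte](32)
    random.nextBytes(bytes)
    Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)
  }

  /** Same contract as validateToken: true only when both values are present
    * and equal. Empty tokens are rejected, and the comparison uses
    * MessageDigest.isEqual instead of ==. */
  def matches(inForm: Option[String], inSession: Option[String]): Boolean =
    (for {
      f <- inForm if f.nonEmpty
      s <- inSession if s.nonEmpty
    } yield MessageDigest.isEqual(f.getBytes(UTF_8), s.getBytes(UTF_8)))
      .getOrElse(false)
}

object CsrfTokenDemo {
  def main(args: Array[String]): Unit = {
    val issued = CsrfToken.generate() // constructed sample session value

    // Each case mirrors a request that validAction would accept or reject.
    val cases = Seq(
      "matching token" -> CsrfToken.matches(Some(issued), Some(issued)),
      "wrong token"    -> CsrfToken.matches(Some("guess"), Some(issued)),
      "field missing"  -> CsrfToken.matches(None, Some(issued)),
      "no session"     -> CsrfToken.matches(Some(issued), None),
      "both empty"     -> CsrfToken.matches(Some(""), Some(""))
    )
    cases.foreach { case (name, ok) => println(s"$name: accepted=$ok") }
  }
}
```

Inside the controller, `validateToken` could delegate to `CsrfToken.matches(tokenForm.bindFromRequest()(request).value, request.session.get("token"))` without changing `validAction`.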