我在我的应用程序中设置了这样的身份验证,当提供用户名并且API密钥为123时总是允许:
object Auth {
def IsAuthenticated(block: => String => Request[AnyContent] => Result) = {
Security.Authenticated(RetrieveUser, HandleUnauthorized) { user =>
Action { request =>
block(user)(request)
}
}
}
def RetrieveUser(request: RequestHeader) = {
val auth = new String(base64Decode(request.headers.get("AUTHORIZATION").get.replaceFirst("Basic", "")))
val split = auth.split(":")
val user = split(0)
val pass = split(1)
Option(user)
}
def HandleUnauthorized(request: RequestHeader) = {
Results.Forbidden
}
def APIKey(apiKey: String)(f: => String => Request[AnyContent] => Result) = IsAuthenticated { user => request =>
if(apiKey == "123")
f(user)(request)
else …