@Check does not work when action is called from other action
I have an action in a controller that is secured with the @Check annotation.
@With(Secure.class)
public class Application extends Controller {
    @Check("admin")
    public static void securedMethod() {
        // secured code
    }
}
When I call this action from the browser, it calls boolean check(String profile) from the Security class. But when I call this action from another action:
Application.securedMethod();
it just calls the secured code, omitting the Security.check() call. I thought @Check should not allow execution of securedMethod() unless Security.check() returns true. Any ideas how I can make it behave like this?
The reason is the way the Secure controller works. The @Check annotation is only validated at the beginning of a request, via a method annotated with @Before. You can see how it's done in the sample code.
Usually it should not be a problem as you should not call a method with bigger restrictions from a method with less security restrictions (as it may lead to security issues). In your case you should validate the workflow you are using, as you may want to avoid that call.
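A simplified, framework-free model of the behaviour described in the answer above, added here as an example; it is not code from Play, the Secure module, or either poster. The `dispatch`, `require` and `attempt` helpers, the `profiles` set and `securedMethodGuarded` are hypothetical names: `dispatch` stands in for the @Before check at the start of a request, and `require` shows a guard placed inside the action body so that a direct call is checked as well.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Set;
import java.util.concurrent.Callable;

public class CheckDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Check { String value(); }

    // Constructed sample data: the current user has no "admin" profile.
    static Set<String> profiles = Set.of("user");

    static boolean check(String profile) { return profiles.contains(profile); }

    // Explicit guard that can be called from inside an action body (hypothetical helper).
    static void require(String profile) {
        if (!check(profile)) throw new SecurityException("missing profile: " + profile);
    }

    @Check("admin")
    public static String securedMethod() { return "secured code ran"; }

    // Hardened variant: the check travels with the code, not only with the request entry point.
    @Check("admin")
    public static String securedMethodGuarded() { require("admin"); return "secured code ran"; }

    // Less restricted action that calls the secured one as a plain Java method.
    public static String publicAction() { return securedMethod(); }

    // Models the request entry point: the annotation is read once, for the routed action only.
    static String dispatch(String action) throws Exception {
        Method m = CheckDemo.class.getMethod(action);
        Check c = m.getAnnotation(Check.class);
        if (c != null) require(c.value());
        return (String) m.invoke(null);
    }

    static String attempt(String label, Callable<String> call) {
        try { return label + " -> " + call.call(); }
        catch (Exception e) {
            Throwable t = e.getCause() != null ? e.getCause() : e;
            return label + " -> denied (" + t.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println(attempt("request for securedMethod", () -> dispatch("securedMethod")));
        System.out.println(attempt("request for publicAction", () -> dispatch("publicAction")));
        System.out.println(attempt("direct call, guarded body", CheckDemo::securedMethodGuarded));
    }
}
```

Only the second line reaches the secured code: the entry-point check never sees the annotation on the inner method, while the guarded variant is denied however it is invoked.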