CSRF†
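基本的に、form で POST するものや、GET でも引数に値を入れて副作用を起こすものには CSRF 対策を導入すること。なお、副作用のある処理を GET で公開すること自体を避けるのが望ましく、フィルターが GET リクエストを検査対象にするかどうかは、利用している Play のバージョンと設定で確認すること。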
build.sbt
filters,
（上の filters を libraryDependencies に追加する）
Global.java
/**
 * Returns the filter classes that make up the application's global filter chain.
 *
 * Only CSRFFilter is listed here. The class is handed over uninstantiated, so the
 * filter presumably runs with its default configuration (confirm against the
 * Play version in use). Any additional or custom filter has to be added to
 * this array to take effect.
 */
@Override
@SuppressWarnings({"rawtypes", "unchecked"})
public <T extends EssentialFilter> Class<T>[] filters() {
    // Java cannot create a generic array, hence the raw Class[] and the suppressed warnings.
    return new Class[] { CSRFFilter.class };
}
CSRF フィルターを拡張したい場合やカスタムフィルタを作りたい場合
Filter のクラスを作成して、Global.java の filters() が返す配列に追加する
scala で書く場合†
filters/CSRFFilterEx.scala
package filters
import javax.inject.{ Provider, Inject }
import play.api.mvc._
import play.filters.csrf.CSRF._
/**
 * CSRF filter skeleton meant as a starting point for a customised filter.
 *
 * `apply` wraps the next action in a `CSRFAction` built from the configuration,
 * token provider and error handler held by this instance. When customising,
 * keep that wrapping in place and make sure a replacement error handler still
 * rejects the request; otherwise the CSRF check is effectively disabled.
 *
 * NOTE(review): `CSRFConfig`, `CSRFAction` and `CSRF` are referenced unqualified
 * while the visible header only imports `play.filters.csrf.CSRF._`; confirm
 * they resolve in package `filters`.
 *
 * @param config        CSRF configuration; by-name, so it is evaluated each time it is read
 * @param tokenProvider generates and compares tokens; defaults to `SignedTokenProvider`
 * @param errorHandler  invoked when the check fails; defaults to `CSRF.DefaultErrorHandler`
 */
class CSRFFilterEx(
    config: => CSRFConfig,
    val tokenProvider: TokenProvider = SignedTokenProvider,
    val errorHandler: ErrorHandler = CSRF.DefaultErrorHandler
) extends EssentialFilter {

  /** Injection constructor: the configuration is read from its provider. */
  @Inject
  def this(config: Provider[CSRFConfig], tokenProvider: TokenProvider, errorHandler: ErrorHandler) =
    this(config.get, tokenProvider, errorHandler)

  /**
   * No-argument constructor based on the global configuration.
   *
   * Unlike the primary constructor's default (`SignedTokenProvider`), the token
   * provider here is a `ConfigTokenProvider` built from `CSRFConfig.global`.
   */
  def this() =
    this(CSRFConfig.global, new ConfigTokenProvider(CSRFConfig.global), DefaultErrorHandler)

  /** Wraps `next` so that it runs behind the CSRF action. */
  def apply(next: EssentialAction): EssentialAction =
    new CSRFAction(next, config, tokenProvider, errorHandler)
}
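/** Factory for [[CSRFFilterEx]] with defaults taken from the global CSRF configuration. */
object CSRFFilterEx {

  /**
   * Builds a [[CSRFFilterEx]].
   *
   * The declared result type is `CSRFFilterEx`: the class extends
   * `EssentialFilter`, not `CSRFFilter`, so a `CSRFFilter` result type would
   * not type-check.
   *
   * @param config        CSRF configuration (by-name); defaults to `CSRFConfig.global`
   * @param tokenProvider token provider; the default is built from `CSRFConfig.global`,
   *                      not from `config`, so pass a matching provider when
   *                      supplying a non-global configuration
   * @param errorHandler  handler invoked when the CSRF check fails
   * @return a new filter instance
   */
  def apply(
      config: => CSRFConfig = CSRFConfig.global,
      tokenProvider: TokenProvider = new ConfigTokenProvider(CSRFConfig.global),
      errorHandler: ErrorHandler = DefaultErrorHandler
  ): CSRFFilterEx =
    new CSRFFilterEx(config, tokenProvider, errorHandler)
}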
java で書く場合†
filters/JavaFilter.java
package filters;
import play.api.mvc.*;
import scala.Function1;
import scala.concurrent.Future;
import scala.runtime.AbstractFunction1;
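/**
 * Base class for writing a Play filter in Java on top of the Scala Filter trait.
 *
 * Subclasses implement {@link #Apply}, which receives the result produced by the
 * rest of the chain together with the request header.
 *
 * The downstream action is always invoked before {@link #Apply} runs, so a
 * subclass can inspect or replace the result but cannot stop the request from
 * being processed. Checks that must reject a request before its side effects
 * happen (authorisation, CSRF validation) do not fit this base class.
 */
public abstract class JavaFilter implements Filter {

    /**
     * Runs the rest of the chain, then passes its result to {@link #Apply}.
     *
     * @param nextFilter    the remainder of the filter chain
     * @param requestHeader header of the current request; declared final because
     *                      the anonymous function below captures it, which
     *                      compilers older than Java 8 require
     * @return the future result after post-processing
     */
    @Override
    public Future<SimpleResult> apply(
            Function1<RequestHeader, Future<SimpleResult>> nextFilter,
            final RequestHeader requestHeader) {
        return nextFilter
                .apply(requestHeader)
                .map(new AbstractFunction1<SimpleResult, SimpleResult>() {
                    @Override
                    public SimpleResult apply(SimpleResult currentResult) {
                        return Apply(currentResult, requestHeader);
                    }
                },
                play.api.libs.concurrent.Execution.defaultContext());
    }

    /**
     * Delegates to the implementation class generated for the Scala trait.
     *
     * NOTE(review): Filter$class is an artefact of how the Scala compiler encodes
     * traits; confirm it exists for the Scala version the project builds with.
     */
    @Override
    public EssentialAction apply(EssentialAction next) {
        return Filter$class.apply(this, next);
    }

    /**
     * Hook called with the result of the downstream action.
     *
     * @param currentResult result produced by the rest of the chain
     * @param requestHeader header of the request that produced it
     * @return the result to send on, possibly modified
     */
    public abstract SimpleResult Apply(SimpleResult currentResult, RequestHeader requestHeader);
}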
実装
filters/HelloFilter.java
package filters;
import play.api.mvc.*;
/**
 * Sample filter that prints the path of each request and leaves the result untouched.
 */
public class HelloFilter extends JavaFilter {

    /**
     * Writes the request path to standard output and returns the result unchanged.
     *
     * The path comes from the client; if this output is collected as a log,
     * treat it as untrusted text.
     */
    @Override
    public SimpleResult Apply(SimpleResult currentResult, RequestHeader requestHeader) {
        String path = requestHeader.path();
        System.out.println(path);
        return currentResult;
    }
}