I try to make a website with play with a m开发者_开发知识库ember and a non member area. So i have controllers with member and non-member methods. But i can only make the whole controller secure [@With(Secure.class)]. Is it possibly to make only a few methods secure and access the others without a login?
Thanks
Yes, you can, although it will require some tweaking on the Secure class. If you check @Secure it has a method annotated with @Before. As per documentation you can indicate which methods the @Before is applied to and for which ones it is skipped.
@Before(unless="login")
So it would be a matter of not running @Before on the public methods. Be aware it may not work properly using @With and you may need to create your own @Before in the controller that manages the security (calling the proper methods in secure).
But it would be simpler to just have 2 controllers, one for secure users and one for public methods.
You can use the deadbolt module which is quite powerful: http://www.playframework.org/modules/deadbolt
Yes, you can to this. Remove @With annotation and use this method of Secure controller when you want restrict access to connected user :
Secure.checkAccess();
With this method, you can even use @Check annotation. Example :
@Check("member")
public static void restrictedAction() {
Secure.checkAccess();
...
}
No, there is no simple way to do this. You can check roles, but not connected user, visitor.
You would have to add @Before
annotations and that is going to be a little complicated. Simply break up your controller into several controllers. It is by the way, functionnaly better to do it that way, rather than mix up public/private methods.
精彩评论