Play Framework
-
|
I intend to implement an audit-log for sensitive changes inside my play application, which is basically just logging but with included context information like "acting user", "remote ip", etc. I am creating a custom immutable context object that includes such values. Now the obvious way to do this with play is to instantiate the context within a Filter and add it to the request as a request attribute, and then pass the request (or just the audit-context) explicitly via method parameters to every method call. This is not really a feasible option for me, because I am not looking to change the method signatures of basically every method inside my codebase just to add an audit-context parameter. Is it an option to use the JDK25 feature ScopedValue for this? Or does play framework's stateless nature make this too error-prone? For example, inside a filter, after all the authn/authz checks have passed, I could do this: final var ctx = new AuditContext.Ctx(...);
return ScopedValue.where(AuditContext.CTX, ctx).call(() -> delegate.call(request));Then in controller methods, or other functions called within, I could access the context with: var ctx = AuditContext.CTX.get();I am not sure how Play Framework handles requests internally once they are flowing through the filters, will it use different threads for the same request if I do not explicitly run asynchronous code? I am aware that once I run asynchronous methods, that I have to pass on a copy of the context explicitly, the same goes for if I am sending messages to actors. In that case, I would of course include the context within the messages sent (if applicable). Btw. I am aware that Play has moved on from using a static request context (I think it was based on ThreadLocal) and instead instructs to pass the request explicitly via method parameters. But as mentioned above, changing all method signatures in my method call stack to include a context is something I want to work around if possible. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
I just realized that this probably won't work inside a filter. But would it work if I was doing it inside the controller methods which handles the request? public Result foo(final Http.Request request) {
final var ctx = new AuditContext.Ctx(...);
return ScopedValue.where(AuditContext.CTX, ctx).call(() -> {
// some code handling the request and returning a result
return ok();
});
} |
Beta Was this translation helpful? Give feedback.
-
|
I never looked into
There no guarantee that things run in the same thread. Thread switches can happen Play internally. public Result foo(final Http.Request request) {
final var ctx = new AuditContext.Ctx(...);
return ScopedValue.where(AuditContext.CTX, ctx).call(() -> {
// some code handling the request and returning a result
return ok();
});
}That should be ok, but I do not understand that sense of that. |
Beta Was this translation helpful? Give feedback.
-
|
I see, but once it reaches the controller method, I should be "safe"?
A lot of my domain logic is actually inside another project which has no dependency on Play. public Result foo(final Http.Request request) {
final var ctx = new AuditContext.Ctx(...);
return ScopedValue.where(AuditContext.CTX, ctx).call(() -> {
domainLogicStuff.a();
return ok();
});
}public class DomainLogicStuff {
public void a() {
b();
}
public void b() {
c();
}
public void c() {
var ctx = AuditContext.CTX.get();
// do stuff
}
}The I am not sure whether I'll actually go through with this idea, I just wanted to make sure if it even was an option. If I have to manually wrap the code in all controller methods (as opposed to a single filter or action) this is quite messy and still requires quite some work, but it would still help in not having to change most method signatures in my domain logic. |
Beta Was this translation helpful? Give feedback.
-
Yes, the code you posted, inside the action method, it's safe to use. It's just a block of code running and as long as you don't switch threads within the action method the code you posted is totally fine and "safe". Only after the action method exits Play takes over again and could internally switch threads. But when you exit the method you also already exited the scope as well. btw, you also need to take care to not switch threads in your However, instead of writing that code in very action method, of course it would be comfortable to just solve this once. With Play 3.0, what you can do is:
@With(AuditContextStuffAction.class)
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface AuditContextStuff {
}
public class AuditContextStuffAction extends Action<AuditContextStuff> {
public CompletionStage<Result> call(Http.Request req) {
final var ctx = new AuditContext.Ctx(...);
return ScopedValue.where(AuditContext.CTX, ctx).call(() -> delegate.call(req));
}
}and, depending on the config @Something
@SomethingElse
@AuditContextStuffAction // Here if play.http.actionComposition.controllerAnnotationsFirst is false (default) + Needs to be last!
public class Admin extends Controller {
@Something
@SomethingElse
@AuditContextStuffAction // OR (!) here if play.http.actionComposition.controllerAnnotationsFirst is true + Needs to be last!
public Result foo(final Http.Request request) {
domainLogicStuff.a();
return ok();
}
}this way you make sure that Now... Here is the catch: That only works, if you have not set Option 2: Talking about action creators... Instead of using annotations, with the need of putting them on either each action method or each controller class, you can solve that even more general by creating your own public class MyActionCreator implements play.http.ActionCreator {
@Override
public Action createAction(Http.Request request, Method actionMethod) {
return new Action.Simple() {
@Override
public CompletionStage<Result> call(Http.Request req) {
final var ctx = new AuditContext.Ctx(...);
return ScopedValue.where(AuditContext.CTX, ctx).call(() -> delegate.call(req));
}
};
}
}and set it via and make sure that which is the default anyway. Now again, just before your controller's action methods run, the action creator's action will be called where you set up your scope. But again only if Now, thinking about all of that, for me it seems running body parsing in between the action creator's action method and a controller's action method is a flaw IMHO. It should be ("annotions" ->) "deferredbodyparsing" ->"actioncreator" -> "controlleraction". That way, the action creator will always run after body parsing happend, no matter if |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for this thorough and very practical answer Matthias. I think this answers all my questions and uncertainties. Highly appreciate it. |
Beta Was this translation helpful? Give feedback.
Yes, the code you posted, inside the action method, it's safe to use. It's just a block of code running and as long as you don't switch threads within the action method the code you posted is totally fine and "safe". Only after the action method exits Play takes over again and could internally switch threads. But when you exit the method you also already exited the scope as well. btw, you also need to take care to not switch threads in your
DomainLogicStuffand then try to access the ScopedValue from such a different thread as well of course (but I guess you know that ;)However, instead of writing that code in very a…