o

play.api.mvc

Security

object Security

Helpers to create secure actions.

Source
Security.scala
Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. Security
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Type Members

  1. class AuthenticatedBuilder[U] extends [[A]AuthenticatedRequest[A, U], AnyContent]

    An authenticated action builder.

    An authenticated action builder.

    This can be used to create an action builder, like so:

    class UserAuthenticatedBuilder (parser: BodyParser[AnyContent])(implicit ec: ExecutionContext)
  extends AuthenticatedBuilder[User]({ req: RequestHeader =>
  req.session.get("user").map(User)
}, parser) {
  @Inject()
  def this(parser: BodyParsers.Default)(implicit ec: ExecutionContext) = {
    this(parser: BodyParser[AnyContent])
  }
}

    You can then use the authenticated builder with other action builders, i.e. to use a messagesApi with authentication, you can add:

     class AuthMessagesRequest[A](val user: User,
                             messagesApi: MessagesApi,
                             request: Request[A])
extends MessagesRequest[A](request, messagesApi)

class AuthenticatedActionBuilder(val parser: BodyParser[AnyContent],
                                 messagesApi: MessagesApi,
                                 builder: AuthenticatedBuilder[User])
                                (implicit val executionContext: ExecutionContext)
    extends ActionBuilder[AuthMessagesRequest, AnyContent] {
  type ResultBlock[A] = (AuthMessagesRequest[A]) => Future[Result]

  @Inject
  def this(parser: BodyParsers.Default,
           messagesApi: MessagesApi,
           builder: UserAuthenticatedBuilder)(implicit ec: ExecutionContext) = {
    this(parser: BodyParser[AnyContent], messagesApi, builder)
  }

  def invokeBlock[A](request: Request[A], block: ResultBlock[A]): Future[Result] = {
    builder.authenticate(request, { authRequest: AuthenticatedRequest[A, User] =>
      block(new AuthMessagesRequest[A](authRequest.user, messagesApi, request))
    })
  }
}
  2. class AuthenticatedRequest[+A, U] extends WrappedRequest[A]

    An authenticated request

Value Members

  1. def Authenticated[A](userinfo: (RequestHeader) => Option[A], onUnauthorized: () => Result)(action: (A) => EssentialAction): EssentialAction

    Wraps another action, allowing only authenticated HTTP requests.

    Wraps another action, allowing only authenticated HTTP requests. Furthermore, it lets users to configure where to retrieve the user info from and what to do in case unsuccessful authentication

    For example:

     //in a Security trait
 def username(request: RequestHeader) = request.session.get("email")
 def onUnauthorized(request: RequestHeader) = Results.Redirect(routes.Application.login)
 def isAuthenticated(f: => String => Request[AnyContent] => Result) = {
   Authenticated(username, onUnauthorized) { user =>
     Action(request => f(user)(request))
   }
 }
//then in a controller
def index = isAuthenticated { username => implicit request =>
    Ok("Hello " + username)
}
    A

    the type of the user info value (e.g. String if user info consists only in a user name)

    userinfo

    function used to retrieve the user info from the request header

    onUnauthorized

    function used to generate alternative result if the user is not authenticated

    action

    the action to wrap

  2. def WithAuthentication[A](userinfo: (RequestHeader) => Option[A])(action: (A) => EssentialAction): EssentialAction
  3. object AuthenticatedBuilder