How to implement security authorization with Scala and Play?
I am using Scala and the Play framework. I want to use Play security authorization in my application.
I previously implemented it in a project using Java and Play like this:
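    import java.io.UnsupportedEncodingException;
    import org.apache.commons.codec.binary.Base64;
    import play.Logger;
    import play.mvc.Http.Context;
    import play.mvc.Http.Cookie;
    import play.mvc.Http.Cookies;
    import play.mvc.Result;
    import play.mvc.Security;

    public class Secured extends Security.Authenticator {
        private static String EMAIL = "Email";
        private static String U_COOKIE = "ucookie";

        // Returns the user name taken from the "Email" cookie, or null if absent.
        @Override
        public String getUsername(Context ctx) {
            String decodedText = null;
            String CHARSET = "ISO-8859-1";
            Cookies cookies = play.mvc.Controller.request().cookies();
            try {
                Cookie emailCookie = cookies.get(EMAIL);
                Cookie uCookie = cookies.get(U_COOKIE);
                if (uCookie != null && uCookie.value() != null) {
                    // Read here but not used afterwards.
                    String userId = uCookie.value();
                }
                if (emailCookie != null && emailCookie.value() != null) {
                    String email = emailCookie.value();
                    try {
                        // The cookie value is only Base64-decoded.
                        decodedText = new String(Base64.decodeBase64(email.getBytes(CHARSET)));
                    } catch (UnsupportedEncodingException e) {
                        e.printStackTrace();
                    }
                }
            } catch (Exception e) {
                Logger.error(e.getMessage());
            }
            return decodedText;
        }

        // Sends unauthenticated users to the sign-in page, remembering the requested path.
        @Override
        public Result onUnauthorized(Context ctx) {
            String done = play.mvc.Controller.request().path();
            return redirect(routes.RegController.signIn(done));
        }
    }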
And I have used the above authorization in all my methods using
    @Security.Authenticated(Secured.class)
before any of my methods in my application.
When I call any method @ before that method calls the protected class and authenticates the user.
Now I want to implement the same using Scala. Below are my questions:
1) Can @ methods be used to inherit and invoke a protected class?
2) What is the correct method to invoke Play security authentication?
PS: I want to use cookies to implement security authentication / authorization.
Any help or workaround would be of great help.
If you are building a production app: don't do this.
Use one of the many frameworks:
- Deadbolt2: https://github.com/schaloner/deadbolt-2
- SecureSocial: http://www.securesocial.ws/
- Silhouette: http://silhouette.mohiva.com/
They are also a great starting point for finding best practices.
If you want to do this mostly for learning and there are no real security concerns:
https://www.playframework.com/documentation/2.3.x/ScalaActionsComposition
Look for the auth header; it gives some information on how to do this.
To authenticate before any method, you can use a Filter to intercept the request:
https://www.playframework.com/documentation/2.3.x/ScalaInterceptors
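A sketch of the action-composition approach from the linked Play 2.3 documentation, added here as an example; it is not code from the answer or from the Play project. It reads the user from Play's session cookie, which Play signs with the application secret, instead of a plain Base64 cookie. Assumptions: the sign-in action stores the user under the session key "username", `SecuredAction`, `UserRequest` and `Dashboard` are hypothetical names, and `routes.RegController.signIn` is the reverse route from the question.

```scala
package controllers

import play.api.mvc._
import scala.concurrent.Future

// Request wrapper that carries the authenticated user name (hypothetical name).
class UserRequest[A](val username: String, request: Request[A])
  extends WrappedRequest[A](request)

// Scala counterpart of @Security.Authenticated(Secured.class) for Play 2.3.x.
object SecuredAction extends ActionBuilder[UserRequest] {

  // Assumed session key, written by the sign-in action after a successful login.
  private val UserKey = "username"

  def invokeBlock[A](request: Request[A],
                     block: UserRequest[A] => Future[Result]): Future[Result] =
    // request.session is decoded from the signed session cookie; a value whose
    // signature does not verify is discarded, so the key is simply absent.
    request.session.get(UserKey) match {
      case Some(user) =>
        block(new UserRequest(user, request))
      case None =>
        // Same behaviour as onUnauthorized in the Java class: go to sign-in
        // and remember the path that was requested.
        Future.successful(
          Results.Redirect(routes.RegController.signIn(request.path)))
    }
}

// Usage: replace Action with SecuredAction on every protected method.
object Dashboard extends Controller {
  def index = SecuredAction { request =>
    Ok("Signed in as " + request.username)
  }
}
```

The sign-in action would set the key with `.withSession("username" -> email)` on its result once the credentials have been checked.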