Clever Geek Handbook

How to implement security authorization with scala and play?

I am using scala and downloading a framework. I want to use replay security authorization in my application.

I previously implemented it in a project using java and played like this:

public class Secured extends Security.Authenticator {
    private static String EMAIL = "Email";
  private static String U_COOKIE = "ucookie";
    public String getUsername(Context ctx) {
        String decodedText = null;
        String CHARSET = "ISO-8859-1";
        Cookies cookies = play.mvc.Controller.request().cookies();
        try {
            Cookie emailCookie = cookies.get(EMAIL);
      Cookie uCookie = cookies.get(U_COOKIE);
      if (uCookie !=null && uCookie.value() != null) {
    String userId = uCookie.value();
      }
            if (emailCookie != null && emailCookie.value() != null) {
                String email = emailCookie.value();
                try {
                    decodedText = new String(Base64.decodeBase64(email.getBytes(CHARSET)));
                } catch (UnsupportedEncodingException e) {
                    e.printStackTrace();
                }
            }
        } catch (Exception e) {
            Logger.error(e.getMessage());
        }
        return decodedText;
    }

    public Result onUnauthorized(Context ctx) {
        String done = play.mvc.Controller.request().path();
        return redirect(routes.RegController.signIn(done));
    }
}

and i have used above authorization in all my method using

@Security.Authenticated(Secured.class)

Before any of my methods in my application.

When I call any method @ before that method calls the protected class and authenticates the user.

Now I want to implement the same using scala. Below are my questions ....

1) Can @ methods be used to inherit and invoke a protected class?

2) What is the correct method to invoke replay security authentication?

PS I want to use cookies to implement security authentication / authorization.

Any help or workaround would be of great help.

+3


source to share


1 answer


If you are building a production app: Don't do this

Use one of the many frameworks:

They are also a great starting point for finding best practices.

If you want to do this mostly for learning and there are no real security concerns:



https://www.playframework.com/documentation/2.3.x/ScalaActionsComposition

Look for the auth header , it gives some information on how to do this.

To authenticate before any method, you can use a Filter to intercept the request:

https://www.playframework.com/documentation/2.3.x/ScalaInterceptors

+9


source






More articles:


All Articles