Play Framework Basic Auth User does not change sessions

I am trying to implement Basic Auth with the Play Framework.

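import java.util.Base64;
import java.util.Optional;

import play.libs.F;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;

public class BasicAuth extends Action.Simple {

    private static final String REALM = "Authorisation Needed";
    private static final String AUTHORISATION = "authorization";
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String SCHEME = "Basic ";

    private static final F.Promise<Result> UNAUTHORISED = F.Promise.pure((Result) unauthorized());

    @Override
    public F.Promise<Result> call(Http.Context context) throws Throwable {
        Optional<String> auth_header = Optional.ofNullable(context.request().getHeader(AUTHORISATION));

        // No credentials sent: challenge the client for Basic credentials.
        if (!auth_header.isPresent()) {
            context.response().setHeader(WWW_AUTHENTICATE, "Basic realm=\"" + REALM + "\"");
            return UNAUTHORISED;
        }

        // Reject any scheme other than Basic before stripping the prefix.
        String header = auth_header.get();
        if (!header.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            return UNAUTHORISED;
        }

        byte[] decoded_credentials;
        try {
            decoded_credentials = Base64.getDecoder().decode(header.substring(SCHEME.length()).trim());
        } catch (IllegalArgumentException e) {
            // The payload was not valid Base64.
            return UNAUTHORISED;
        }

        // Split on the first colon only, so a password may itself contain ':'.
        String[] credentials = new String(decoded_credentials, "UTF-8").split(":", 2);

        if (credentials.length != 2) {
            return UNAUTHORISED;
        }

        User user = authorise(credentials);

        if (user == null) {
            return UNAUTHORISED;
        }

        // Store the authenticated user's email in the session for the controllers.
        context.session().put("email", user.getEmail());

        return delegate.call(context);
    }

    // Looks up the user whose stored email and password columns equal the
    // submitted values (the password is matched as plain text).
    private User authorise(String[] credentials) {
        String username = credentials[0];
        String password = credentials[1];
        return User.find.where().eq("email", username).eq("password", password).findUnique();
    }

}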

      

But the user doesn't change between requests. That is, I log in as Joe Bloggs after starting the server and it returns Joe as the current user.

On the next request I log in as Bill Gates and it returns Joe Bloggs as the current user.

I am retrieving the email stored in the session in a controller like this:

User logged_user = UserDao.findByEmail(context.session().get("email"));

      

I really need to fix this. Any help please?

+3

