Documentation

Play libs

The play.libs package contains several useful libraries that will help you to achieve common programming tasks.

Most of these libraries are simple helpers that are really straightforward to use:

The following sections provide more information about the most important libraries.

Parsing XML using XPath

XPath is probably the easiest way to parse an XML document without having to use code generation tools. The play.libs.XPath library offers all the needed primitives to efficiently achieve this task.

The XPath operations operate on all org.w3.dom.Node types:

org.w3.dom.Document xmlDoc = … // retrieve a Document somewhere
  
for(Node event: XPath.selectNodes("events//event", xmlDoc)) {
    
    String name = XPath.selectText("name", event);
    String data = XPath.selectText("@date", event);
    
    for(Node place: XPath.selectNodes("//place", event)) {
        String place = XPath.selectText("@city", place);
        …
    }
    
    …
}

Web Service client

The play.libs.WS provides a powerful HTTP client. Under the hood it uses Async HTTP client.

Making a request is easy:

HttpResponse res = WS.url("http://www.google.com").get();

Once you have an HttpResponse object you can access all the response properties.

int status = res.getStatus();
String type = res.getContentType();

You can also retrieve the body content in several content types:

String content = res.getString();
Document xml = res.getXml();
JsonElement json = res.getJson();
InputStream is = res.getStream();

You can also use the async API to make HTTP requests in a non-blocking way. Then you will receive a Promise<HttpResponse>. Once redeemed, you can use the HttpResponse as usual:

Promise<HttpResponse> futureResponse = WS.url(
    "http://www.google.com"
).getAsync();

Functional programming with Java

The play.libs.F library provide several useful constructs coming from functional programming. These constructs are used to handle complex abstraction cases. For those that are accustomed to functional programming we provide:

Promises

A Promise is Play’s custom Future type. In fact a Promise<T> is also a Future<T> so you can use it as a standard Future. But it has also a very interesting property: the ability to register callback using onRedeem(…) that will be called as soon as the promised value is available.

Promises are used everywhere in Play in place of Future (for Jobs, WS.async, etc…).

Promises can be combined in several ways. For example:

Promise p = Promise.waitAll(p1, p2, p3)
Promise p = Promise.waitAny(p1, p2, p3)
Promise p = Promise.waitEither(p1, p2, p3)

Pattern Matching

Sometimes we feel that we need pattern matching in Java. Unfortunately Java does not have built-in pattern matching, and because of the lack of functional constructs, it is difficult to add it as a library. Anyway we’ve worked on a solution that is not so bad.

Our idea was to use the latest ‘for loop’ syntax to achieve basic pattern matching for Java. Pattern matching must both check if your object matches the required conditions and extract the interesting value. The Pattern matching library for Play is part of the play.libs.F library.

Let’s see a simple example; you have a reference of type Object and you want to check that it is a string that starts by “command:”.

The standard way would be:

Object o = anything();
 
if(o instanceof String && ((String)o).startsWith("command:")) {
    String s = (String)o;
    System.out.println(s.toUpperCase());
}

Using the Play pattern matching library, you can write it as:

for(String s: String.and(StartsWith("command:")).match(o)) {
    System.out.println(s.toUpperCase());
}

The for loop is executed once, only if the condition is met, and it automatically extracts the String value without the need for casting. Because there is no explicit cast, everything is type-safe, and checked by the compiler.

OAuth

OAuth is an open protocol for secure API authorization, using a simple and standard approach, from desktop and web applications.

Two different specifications exist: OAuth 1.0 and OAuth 2.0. Play provides libraries to connect as a consumer to services proposing either of these specifications.

The general process is the following:

The Play framework takes care of most of the process.

OAuth 1.0

The OAuth 1.0 functionality is provided by the play.libs.OAuth class and is based on oauth-signpost. It is used by services such as Twitter or Google

To connect to a service, you need the create a OAuth.ServiceInfo instance using the following information, obtained from the service provider:

The access token can be retrieved this way:

public static void authenticate() {
    // TWITTER is a OAuth.ServiceInfo object
    // getUser() is a method returning the current user 
    if (OAuth.isVerifierResponse()) {
        // We got the verifier; 
        // now get the access tokens using the request tokens
        OAuth.Response resp = OAuth.service(TWITTER).retrieveAccessToken(
            getUser().token, getUser().secret
        );
        // let's store them and go back to index
        getUser().token = resp.token; getUser().secret = resp.secret;
        getUser().save()
        index();
    }
    OAuth twitt = OAuth.service(TWITTER);
    Response resp = twitt.retrieveRequestToken();
    // We received the unauthorized tokens 
    // we need to store them before continuing
    getUser().token = resp.token; getUser().secret = resp.secret;
    getUser().save()
    // Redirect the user to the authorization page
    redirect(twitt.redirectUrl(resp.token));
}

Calls can now be done by signing the requests using the token pair:

mentions = WS.url(url).oauth(TWITTER, getUser().token, getUser().secret).get().getString();

While the example doesn’t check for errors, in production you should. The OAuth.Response object holds an error field that is non null when an error occurred. Most likely it could be that the user didn’t grant you access, that the provider is down or buggy.

The full example usage is available in samples-and-tests/twitter-oauth.

OAuth 2.0

OAuth 2.0 is much simpler than OAuth 1.0 because it doesn’t involve signing requests. It is used by Facebook and 37signals.

Functionality is provided by play.libs.OAuth2.

To connect to a service, you need the create a OAuth2 instance using the following information, obtained from the service provider:

public static void auth() {
    // FACEBOOK is a OAuth2 object
    if (OAuth2.isCodeResponse()) {
        OAuth2.Response response = FACEBOOK.retrieveAccessToken(authUrl); // authUrl must be the same as the retrieveVerificationCode call
        String accessToken = response.accessToken; // null if an error occurred
        OAuth2.Error = response.error; // null if the call was a success
        // Save accessToken, you will need it to request the service
        index();
    }
    // authUrl is a String containing an absolute URL where the service should redirect the user back
    FACEBOOK.requestVerificationCode(authUrl); // This will trigger a redirect
}

Once you have the access token associated to the current user, you can use it to query the service on behalf of the user:

WS.url(
    "https://graph.facebook.com/me?access_token=%s", access_token
).get().getJson();

The full example usage is available in samples-and-tests/facebook-oauth2.

OpenID

OpenID is an open and decentralized identity system. You can easily accept new users in your application without having to keep specific user information. You just have to keep track of authorized users through their OpenID.

This example provides a high-level view of how OpenID authentication can be used within a Play application:

The OpenID functionality is provided by the play.libs.OpenID class.

@Before(unless={"login", "authenticate"})
static void checkAuthenticated() {
    if(!session.contains("user")) {
        login();
    }
}
 
public static void index() {
    render("Hello %s!", session.get("user"));
}
     
public static void login() {
    render();
}
    
public static void authenticate(String user) {
    if(OpenID.isAuthenticationResponse()) {
        UserInfo verifiedUser = OpenID.getVerifiedID();
        if(verifiedUser == null) {
            flash.error("Oops. Authentication has failed");
            login();
        } 
        session.put("user", verifiedUser.id);
        index();
    } else {
        if(!OpenID.id(user).verify()) { // will redirect the user
            flash.error("Cannot verify your OpenID");
            login();
        } 
    }
}

And the login.html template:

#{if flash.error}
<h1>${flash.error}</h1>
#{/if}
 
<form action="@{Application.authenticate()}" method="POST">
    <label for="user">What’s your OpenID?</label>
    <input type="text" name="user" id="user" />
    <input type="submit" value="login..." />
</form>
</code>

And finally the routes definitions:

GET   /                     Application.index
GET   /login                Application.login
*     /authenticate         Application.authenticate

Continuing the discussion

Now we’ll check how to perform operations outside any HTTP request using Ansynchronous Jobs.