Object

play.api.mvc

Security

object Security

Helpers to create secure actions.

Source
Security.scala
Linear Supertypes
AnyRef, Any

Type Members

  1. class AuthenticatedBuilder[U] extends ActionBuilder[[A]AuthenticatedRequest[A, U], AnyContent]

    An authenticated action builder.

    This can be used to create an action builder, like so:

    class UserAuthenticatedBuilder (parser: BodyParser[AnyContent])(implicit ec: ExecutionContext)
      extends AuthenticatedBuilder[User]({ req: RequestHeader =>
      req.session.get("user").map(User)
    }, parser) {
      @Inject()
      def this(parser: BodyParsers.Default)(implicit ec: ExecutionContext) = {
        this(parser: BodyParser[AnyContent])
      }
    }

    You can then combine the authenticated builder with other action builders. For example, to use a MessagesApi with authentication, you can add:

    class AuthMessagesRequest[A](val user: User,
                                 messagesApi: MessagesApi,
                                 request: Request[A])
        extends MessagesRequest[A](request, messagesApi)
    
    class AuthenticatedActionBuilder(val parser: BodyParser[AnyContent],
                                     messagesApi: MessagesApi,
                                     builder: AuthenticatedBuilder[User])
                                    (implicit val executionContext: ExecutionContext)
        extends ActionBuilder[AuthMessagesRequest, AnyContent] {
      type ResultBlock[A] = (AuthMessagesRequest[A]) => Future[Result]
    
      @Inject
      def this(parser: BodyParsers.Default,
               messagesApi: MessagesApi,
               builder: UserAuthenticatedBuilder)(implicit ec: ExecutionContext) = {
        this(parser: BodyParser[AnyContent], messagesApi, builder)
      }
    
      def invokeBlock[A](request: Request[A], block: ResultBlock[A]): Future[Result] = {
        builder.authenticate(request, { authRequest: AuthenticatedRequest[A, User] =>
          block(new AuthMessagesRequest[A](authRequest.user, messagesApi, request))
        })
      }
    }
  2. class AuthenticatedRequest[A, U] extends WrappedRequest[A]

    An authenticated request

Value Members

  1. final def !=(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  2. final def ##(): Int

    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  4. def Authenticated[A](userinfo: (RequestHeader) ⇒ Option[A], onUnauthorized: (RequestHeader) ⇒ Result)(action: (A) ⇒ EssentialAction): EssentialAction

    Wraps another action, allowing only authenticated HTTP requests. It also lets the caller configure where the user info is retrieved from and what to do when authentication fails.

    For example:

    // in a Security trait
    def username(request: RequestHeader) = request.session.get("email")
    def onUnauthorized(request: RequestHeader) = Results.Redirect(routes.Application.login)
    def isAuthenticated(f: => String => Request[AnyContent] => Result) = {
      Authenticated(username, onUnauthorized) { user =>
        Action(request => f(user)(request))
      }
    }
    // then in a controller
    def index = isAuthenticated { username => implicit request =>
      Ok("Hello " + username)
    }

    A

    the type of the user info value (e.g. String if the user info consists only of a user name)

    userinfo

    function used to retrieve the user info from the request header

    onUnauthorized

    function used to generate an alternative result if the user is not authenticated

    action

    the action to wrap

  5. object AuthenticatedBuilder

  6. def WithAuthentication[A](userinfo: (RequestHeader) ⇒ Option[A])(action: (A) ⇒ EssentialAction): EssentialAction

  7. final def asInstanceOf[T0]: T0

    Definition Classes
    Any
  8. def clone(): AnyRef

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  9. final def eq(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  10. def equals(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  11. def finalize(): Unit

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  12. final def getClass(): Class[_]

    Definition Classes
    AnyRef → Any
  13. def hashCode(): Int

    Definition Classes
    AnyRef → Any
  14. final def isInstanceOf[T0]: Boolean

    Definition Classes
    Any
  15. final def ne(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  16. final def notify(): Unit

    Definition Classes
    AnyRef
  17. final def notifyAll(): Unit

    Definition Classes
    AnyRef
  18. final def synchronized[T0](arg0: ⇒ T0): T0

    Definition Classes
    AnyRef
  19. def toString(): String

    Definition Classes
    AnyRef → Any
  20. final def wait(): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  21. final def wait(arg0: Long, arg1: Int): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  22. final def wait(arg0: Long): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Deprecated Value Members

  1. def Authenticated(action: (String) ⇒ EssentialAction): EssentialAction

    Wraps another action, allowing only authenticated HTTP requests.

    The user name is retrieved from the (configurable) session cookie and added to the HTTP request’s username attribute. On failure it returns an Unauthorized response (401).

    For example:

    // in a Security trait
    def isAuthenticated(f: => String => Request[AnyContent] => Result) = {
      Authenticated { user =>
        Action(request => f(user)(request))
      }
    }
    // then in a controller
    def index = isAuthenticated { username => implicit request =>
      Ok("Hello " + username)
    }

    action

    the action to wrap

    Annotations
    @deprecated
    Deprecated

    (Since version 2.6.0) Use Authenticated(RequestHeader => Option[String])(String => EssentialAction)
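
    A migration sketch for the deprecated overload, added here as an example (it is not code from this page or from the Play sources): the session lookup and the 401 response that the deprecated form performed implicitly are written out and passed to Authenticated(userinfo, onUnauthorized). The controller name, the "username" session key and the response body are assumptions.

    ```scala
    import javax.inject.Inject
    import play.api.mvc._
    import play.api.mvc.Security.Authenticated

    // Hypothetical controller used only for this example.
    class AccountController @Inject()(cc: ControllerComponents)
        extends AbstractController(cc) {

      // Assumed session key. The deprecated overload took it from
      // Security.username, which is deprecated as well.
      private val SessionUserKey = "username"

      // The only authentication decision: None means "not authenticated".
      // An empty value is rejected instead of being passed on as a user name.
      private def userinfo(request: RequestHeader): Option[String] =
        request.session.get(SessionUserKey).map(_.trim).filter(_.nonEmpty)

      // Explicit stand-in for the 401 that the deprecated overload returned.
      private def onUnauthorized(request: RequestHeader): Result =
        Unauthorized("Authentication required")

      // Same helper shape as the example above, now with both functions explicit.
      def isAuthenticated(f: String => Request[AnyContent] => Result): EssentialAction =
        Authenticated(userinfo, onUnauthorized) { user =>
          Action(request => f(user)(request))
        }

      // The wrapped action only runs when userinfo returned Some(user).
      def index: EssentialAction = isAuthenticated { username => implicit request =>
        Ok("Hello " + username)
      }
    }
    ```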

  2. lazy val username: String

    Key of the username attribute stored in session.

    Annotations
    @deprecated
    Deprecated

    (Since version 2.6.0) Security.username is deprecated.
