All geek questions in one place

Play framework - user authentication

I tried the security module guide for Play! 1.2.3. The authentication mechanism is quite simple and simple.

I have a question. If I want to implement custom authentication, is it possible to configure a security module, or do I need to write code from scratch?

For example, I want to authenticate a request header parameter, what should I do?

+4
source share
3 answers

The protected module is tiny: you can get all the code from this module, put it in your application and configure it however you want

+1
source

If you want to do more, you can write a plugin. You can see an example of my permsec-module , which, unfortunately, is still under development, but should contain everything you need. See Specially PsecPlugin .

+1
source

You can do something similar for basic auth in your controller using the @Before annotation. Then, in the request method, simply check if the account argument is set.

 @Before static void checkAuth() { // Get auth header Header auth = request.headers.get("authorization"); if (auth == null) return; // Get basic auth value String authValue = auth.value(); if (authValue == null) return; // Split header components String[] authComp = authValue.split(" "); if (authComp.length != 2) return; // Decode base64 auth string String basic = new String(Codec.decodeBASE64(authComp[1])); String[] userPass = basic.split(":"); if (userPass.length != 2) return; // Try to fetch account String email = userPass[0]; String pass = userPass[1]; String passSHA1 = Codec.hexSHA1(pass); List<models.Account> accounts = models.Account.find("email password", email, passSHA1).asList(); if (accounts.size() != 1) return; // Set account on request request.args.put("_authenticatedUser", accounts.get(0)); }
+1
source

Source: https://habr.com/ru/post/1383835/

More articles:


All Articles