I am writing a Play application where I will need authentication, which another web application will also handle. Therefore, when a user enters another web application, he must also enter the Play application.
To implement security on Play, I used the instructions in the documentation of the Play Framework: http://www.playframework.com/documentation/2.0.1/ScalaSecurity
My idea of how to perform external authentication is for another application to make an ajax call to enter the Play application, as I thought it would write a session cookie for the user. But that does not work. I still have to log in manually when in the Play app.
Here is my controller:
val loginForm = Form( tuple( "username" -> nonEmptyText, "password" -> nonEmptyText) verifying("Invalid email or password!", result => result match { case (email, password) => Admin.authenticate(email, password) })) def jsLogin = Action { implicit request => { loginForm.bindFromRequest.fold( formWithErrors => BadRequest(toJson("Unauthorized!")), user => { Ok(toJson("Ok")).withHeaders( ACCESS_CONTROL_ALLOW_ORIGIN -> "*", ACCESS_CONTROL_ALLOW_METHODS -> "POST", ACCESS_CONTROL_MAX_AGE -> "300", ACCESS_CONTROL_EXPOSE_HEADERS -> "Origin, X-Requested-With, Content-Type, Accept" ).withSession("email" -> user._1) }) } }
And here is the code I used for testing:
$.ajax({ type: "POST", url: "http://localhost:9000/jsLogin", data: { username: "username", password: "password" } })
After debugging, I know that the jsLogin method works fine, and it logs in the user, and the response gets approval for the ajax method. But when I try to access my game application, it still asks me to enter the system manually.
Is there any inconvenient way to get the user to log in from the outside?