root/play/play.api/play.api.mvc/Security

Security

play.api.mvc.Security

object Security

Helpers to create secure actions.

Attributes

Graph
Supertypes: class Object

trait Matchable

class Any
Self type: Security.type

Members list

Type members

Classlikes

An authenticated action builder.

This can be used to create an action builder, like so:

class UserAuthenticatedBuilder (parser: BodyParser[AnyContent])(implicit ec: ExecutionContext)
 extends AuthenticatedBuilder[User]({ req: RequestHeader =>
 req.session.get("user").map(User)
}, parser) {
 @Inject()
 def this(parser: BodyParsers.Default)(implicit ec: ExecutionContext) = {
   this(parser: BodyParser[AnyContent])
 }
}

You can then use the authenticated builder with other action builders, i.e. to use a messagesApi with authentication, you can add:

class AuthMessagesRequest[A](val user: User,
                            messagesApi: MessagesApi,
                            request: Request[A])
extends MessagesRequest[A](request, messagesApi)

class AuthenticatedActionBuilder(val parser: BodyParser[AnyContent],
                                messagesApi: MessagesApi,
                                builder: AuthenticatedBuilder[User])
                               (implicit val executionContext: ExecutionContext)
   extends ActionBuilder[AuthMessagesRequest, AnyContent] {
 type ResultBlock[A] = (AuthMessagesRequest[A]) => Future[Result]

 @Inject
 def this(parser: BodyParsers.Default,
          messagesApi: MessagesApi,
          builder: UserAuthenticatedBuilder)(implicit ec: ExecutionContext) = {
   this(parser: BodyParser[AnyContent], messagesApi, builder)
 }

 def invokeBlock[A](request: Request[A], block: ResultBlock[A]): Future[Result] = {
   builder.authenticate(request, { authRequest: AuthenticatedRequest[A, User] =>
     block(new AuthMessagesRequest[A](authRequest.user, messagesApi, request))
   })
 }
}

Value parameters

onUnauthorized: The function to get the result for when no authenticated user can be found.
userinfo: The function that looks up the user info.

Attributes

Companion: object
Supertypes: trait ActionBuilder[{ type R = AuthenticatedRequest; }#<none>, AnyContent]

trait ActionFunction[Request, { type R = AuthenticatedRequest; }#<none>]

class Object

trait Matchable

class Any

Attributes

Companion: class
Supertypes: class Object

trait Matchable

class Any
Self type: AuthenticatedBuilder.type

An authenticated request

Value parameters

user: The user that made the request

Attributes

Supertypes: class WrappedRequest[A]

trait Request[A]

trait RequestHeader

class Object

trait Matchable

class Any
Show all

Value members

Concrete methods

Wraps another action, allowing only authenticated HTTP requests. Furthermore, it lets users to configure where to retrieve the user info from and what to do in case unsuccessful authentication

For example:

//in a Security trait
def username(request: RequestHeader) = request.session.get("email")
def onUnauthorized(request: RequestHeader) = Results.Redirect(routes.Application.login)
def isAuthenticated(f: => String => Request[AnyContent] => Result) = {
  Authenticated(username, onUnauthorized) { user =>
    Action(request => f(user)(request))
  }
}
//then in a controller
def index = isAuthenticated { username => implicit request =>
   Ok("Hello " + username)
}

Type parameters

A: the type of the user info value (e.g. String if user info consists only in a user name)

Value parameters

action: the action to wrap
onUnauthorized: function used to generate alternative result if the user is not authenticated
userinfo: function used to retrieve the user info from the request header

Attributes

In this article

Generated with