Geek Answers Handbook

User Authentication / Membership in the Play Framework

I want to support user authentication in the Play Application. This is a web application, and I think the built-in "Secure" module is too simple for my needs. In fact, a user group discusses how the secure module is really intended for demo tunes. However, how can I develop such a system?

In essence, the application will allow the user to log in, and then they will have their own settings, etc., applied throughout the application. There are several pages for which non-authenticated users can browse, but if the client is authenticated, the presentation of these pages will be different. Pretty simple setup, but most of the documentation applies only to a simple secure module.

+8
authentication playframework
source share
4 answers

If your only special requirement is that some pages be publicly available, I have your answer: Loading structure: how to require a login for some actions, but not all . I just copied the Secure module and made some small additions.

+4
source share

You can use PlayPlugins for this. I started writing a plugin that provided security in a powerful way. This is a transition from BasisSecurity to Grails. At the moment, I do not find time for further development. Here you can see the current status of https://code.launchpad.net/~opensource21/+junk/permsec .

+2
source share

out of your requirements, the current authentication module seems sufficient. If not, then what have I done for my project:

  • Copy classes from the module (Protected controller, annotation, tag) to the project
  • Extend the controller by adding additional features.

I do not have my code for posting samples here, but overall I:

  • renamed classes (sorry if I say that one name means another, do not remember the original names!)
  • Methods have been added to Secure Controller for handling OpenId and OAUth authentication.
  • added support methods in my User model, which, taking into account the service identifier (Google OpenId, Twitter id, etc.), return an existing user from the database with this identifier, or if it does not exist, creates and returns a new user associated with this identifier.
  • some flags added (e.g. admin, supervisor, etc.) to the User class

  • changed the verification method in the security controller to check annotation values ​​with user flags. Something like (pseudo code)

    var ok: Boolean = false ok = ok || (annotation.value == "admin" && currentUser.isadmin) ok = ok || (annotation.value == "supervisor" && currentUser.issupervisor) ...

  • added annotation to the appropriate methods and added the Secure controller (via @With) to classes that require access control

With this, I have a secure system, and it seems to work just fine (crossed fingers: P)

+2
source share

I don't know if this can help you, but look at the deadbolt module for managing access rights to views / controllers ...
http://www.playframework.org/modules/deadbolt-1.0/home

+1
source share

More articles:


All Articles