Restful (and stagnant) Auth with Play Framework and Scala

I recently thought about how to properly set up my web framework / application stack. I am slowly moving on to Scala and functional programming (from Python using CherryPy). Thus, it was natural to look at Play, as it is the most widely supported infrastructure (now that even Typesafe has adopted it). Feel free to correct me if I missed something.

Thus, Play really embraces the idea of stand-alone web applications, and it's hard for me to wrap my head around it in terms of authentication and authorization. Now, after some online digging (the final form-based authentication guide), I came to the conclusion that authentication and authorization should be done every time I call my backend (JSON-RPC or something else), getting away from the old idea of a cookie session.

Now, what is the best approach to achieve this with today's technology?

What about:

I was thinking of the “simple” DigestAuth as it is proven and widespread, but then it has the same feeling as the old and rusty base auth.

Thanks!

+7
2 answers

You can easily get a working solution. But this is not good. It seems that the advantage of statelessness is that it does not require an exchange of sessions, so it is easy to scale. But it makes authentication for each call costly. Sometimes even additional database reads are added. This will slow down the response. If you want to cache the authentication result, then there will be no difference from a stateful session solution. In my opinion, you cannot implement role-based access control without statelessness!

+2

As for me, I use this in my current project: https://github.com/t2v/play20-auth. It works great.

0