An authenticated action builder.
An authenticated action builder.
This can be used to create an action builder, like so:
class UserAuthenticatedBuilder (parser: BodyParser[AnyContent])(implicit ec: ExecutionContext) extends AuthenticatedBuilder[User]({ req: RequestHeader => req.session.get("user").map(User) }, parser) { @Inject() def this(parser: BodyParsers.Default)(implicit ec: ExecutionContext) = { this(parser: BodyParser[AnyContent]) } }
You can then use the authenticated builder with other action builders, i.e. to use a messagesApi with authentication, you can add:
class AuthMessagesRequest[A](val user: User, messagesApi: MessagesApi, request: Request[A]) extends MessagesRequest[A](request, messagesApi) class AuthenticatedActionBuilder(val parser: BodyParser[AnyContent], messagesApi: MessagesApi, builder: AuthenticatedBuilder[User]) (implicit val executionContext: ExecutionContext) extends ActionBuilder[AuthMessagesRequest, AnyContent] { type ResultBlock[A] = (AuthMessagesRequest[A]) => Future[Result] @Inject def this(parser: BodyParsers.Default, messagesApi: MessagesApi, builder: UserAuthenticatedBuilder)(implicit ec: ExecutionContext) = { this(parser: BodyParser[AnyContent], messagesApi, builder) } def invokeBlock[A](request: Request[A], block: ResultBlock[A]): Future[Result] = { builder.authenticate(request, { authRequest: AuthenticatedRequest[A, User] => block(new AuthMessagesRequest[A](authRequest.user, messagesApi, request)) }) } }
An authenticated request
Wraps another action, allowing only authenticated HTTP requests.
Wraps another action, allowing only authenticated HTTP requests. Furthermore, it lets users to configure where to retrieve the user info from and what to do in case unsuccessful authentication
For example:
//in a Security trait def username(request: RequestHeader) = request.session.get("email") def onUnauthorized(request: RequestHeader) = Results.Redirect(routes.Application.login) def isAuthenticated(f: => String => Request[AnyContent] => Result) = { Authenticated(username, onUnauthorized) { user => Action(request => f(user)(request)) } } //then in a controller def index = isAuthenticated { username => implicit request => Ok("Hello " + username) }
the type of the user info value (e.g. String
if user info consists only in a user name)
function used to retrieve the user info from the request header
function used to generate alternative result if the user is not authenticated
the action to wrap
Wraps another action, allowing only authenticated HTTP requests.
Wraps another action, allowing only authenticated HTTP requests.
The user name is retrieved from the (configurable) session cookie, and added to the HTTP request’s
username
attribute. In case of failure it returns an Unauthorized response (401)
For example:
//in a Security trait def isAuthenticated(f: => String => Request[AnyContent] => Result) = { Authenticated { user => Action(request => f(user)(request)) } } //then in a controller def index = isAuthenticated { username => implicit request => Ok("Hello " + username) }
the action to wrap
(Since version 2.6.0) Use Authenticated(RequestHeader => Option[String])(String => EssentialAction)
Key of the username attribute stored in session.
Key of the username attribute stored in session.
(Since version 2.6.0) Security.username is deprecated.
Helpers to create secure actions.