Security use of PLAYFRAMEWORK2

Using the play.api.mvc.Security mechanism, a trait is implemented to extend the user authentication mechanism of the controller.

The methods that the trait needs to implement include:

1. Def username (request:requestheader) = Request.session.get ("email")
2. Def onunauthorized (Request:requestheader) = Results.redirect (routes. Application.login)
3. Def isauthenticated (f: = = = String = Request[anycontent] = Result) = {
Authenticated (username, onunauthorized) {user =
Action (Request = f (user))
}
}

which

1. Username defines a Function1 object that is used to achieve the name of a successful login user from the session, or a user ID, to modify it according to the actual situation; The main use for security.authenticated method invocation is the first parameter:

* @tparam A The type of the user info value (e.g. ' String ' if user info consists only in A user name)
* @param userinfo function used to retrieve the user info from the request header
* @param onunauthorized function used to generate alternative result if the user isn't authenticated
* @param action the action to wrap

def Authenticated[a] (
Userinfo:requestheader = Option[a],
Onunauthorized:requestheader = Result) (action:a = essentialaction): essentialaction

If the option object returned by the function is undefined, the onunauthorized method is triggered;

2. The main responsibility is to not find the user login certification, the page to jump to the login page;

3. The wrapper for the action in the Controller, note the type definition of the incoming parameter, is the procedure function of a layer pass parameter, first of all is a string type of user login credentials (stored in the session); Is the requestheader used by the action routine, and finally the result type of the action returned;

Through the above ideas, to achieve a trait (trait), it can be mixin to the controller, and isauthenticated to wrap the original action.

Trait implementation Examples:

It can be placed in the same file as the application controller.

The controller's notation changes to:

Object application extends Controller with Secured

The original implementation of each action will be replaced with Withauth:

def listuser = withauth {userid =>implicit request = business code}

In this way, in the current business code, you can directly use the credentials of the currently logged on user, UserID.

In addition, in the process of trait implementation, an extension is added, Withuser. It is packaged using Withauth, where complete user information is obtained from the background through user login credentials. Then the action wrapper becomes:

def listuser = withuser {User =>implicit request = business code}

This allows the user to access the complete login information directly through user in the business code.

Security use of PLAYFRAMEWORK2