Ikrom

Reputation: 5123

Play framework, Scala: authenticate User by Role

I have user roles: user, manager, admin. I need to authenticate them in controllers (methods). For example, only admin can delete (currently it looks like this; I need to change it so that only admin has permission):

def deleteBook(id: Int) = DBAction {
    findById(id) match {
        case Some(entity) => {
            books.filter(_.id === id).delete
            Ok("")
        }
        case None => Ok("")
    }
}

I have many controllers and methods. I need to authenticate before processing the request (for example, deleting a book). My routes file contains:

...
DELETE        /books/:id                  @controllers.Book.deleteBook(id: Int)
...

Some routes are only accessible to admin and manager. Some are for all types of users.

I'm currently looking at the deadbolt2scala authorization module for Play.

Can you recommend the best way to authenticate multi-role users in Play Framework Scala?

Upvotes: 6

Views: 1754

Answers (1)

Agemen

Reputation: 1535

I've managed to do this by using StackableControllers provided by https://github.com/t2v/stackable-controller. Basically, I use a basic access control list provided by my application.conf. I start by checking if there is a user in my request. If there is one, I can check if he has sufficient access rights to perform the action.

Such a feature may be implemented using BodyParser composition too. I've never done that, though, so someone else's advice may be better for you.

Upvotes: 1
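The two-step check the answer describes (is there a user, then does that user's role appear in the access control list) can be sketched without any framework. This is an added example, not code from the answer or from stackable-controller; every name in it is hypothetical, and the `acl` map stands in for entries that would be read from application.conf.

```scala
// Added example: framework-independent sketch; all names are hypothetical.
object RoleAcl {
  sealed trait Role
  case object User extends Role
  case object Manager extends Role
  case object Admin extends Role

  final case class Account(name: String, role: Role)

  sealed trait Decision
  case object Unauthenticated extends Decision // no user in the request: HTTP 401
  case object Forbidden extends Decision       // user present, role not allowed: HTTP 403
  case object Allowed extends Decision

  // Stand-in for an ACL loaded from application.conf (constructed sample values).
  val acl: Map[String, Set[Role]] = Map(
    "Book.list"       -> Set[Role](User, Manager, Admin),
    "Book.updateBook" -> Set[Role](Manager, Admin),
    "Book.deleteBook" -> Set[Role](Admin)
  )

  // Step 1: is there a user at all? Step 2: is the role listed for this action?
  // An action with no ACL entry is denied for everyone (deny by default).
  def authorize(action: String, user: Option[Account]): Decision = user match {
    case None => Unauthenticated
    case Some(u) if acl.getOrElse(action, Set.empty[Role]).contains(u.role) => Allowed
    case Some(_) => Forbidden
  }

  // `body` is by-name, so the protected work (e.g. the delete) never runs when denied.
  def guarded[A](action: String, user: Option[Account])(body: => A): Either[Decision, A] =
    authorize(action, user) match {
      case Allowed => Right(body)
      case denied  => Left(denied)
    }

  def main(args: Array[String]): Unit = {
    val admin   = Some(Account("alice", Admin))   // constructed sample users
    val manager = Some(Account("bob", Manager))
    println(guarded("Book.deleteBook", admin)("deleted"))   // Right(deleted)
    println(guarded("Book.deleteBook", manager)("deleted")) // Left(Forbidden)
    println(guarded("Book.deleteBook", None)("deleted"))    // Left(Unauthenticated)
    println(guarded("Book.purge", admin)("purged"))         // Left(Forbidden): no ACL entry
  }
}
```

Keeping the missing-user and insufficient-role outcomes separate lets the controller return 401 for one and 403 for the other, and the deny-by-default lookup means a newly added route is closed until it is listed in the ACL.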
