Play framework authentication, like htaccess

Question

I have a Play Framework application and i would like to add the simplest authentication method, like .htaccess. Is there something available for Java/Play Framework?

I searched a lot and i didn't find anything. Looked at the documentation for authentication examples, but everything is too big for my project. That's why i need something simple like a .htaccess file.

Answer 1

As others have been saying, using .htaccess is not a very good solution.

Play makes it easy to use basic authentication (username + password) by providing a couple of utility methods to write/read session tokens simply by doing:

requestHeader.session.get("sessionToken")

and

val token = generateSessionToken()

Redirect(routes.MyController.index()).withSession(request.session + ("sessionToken" -> token))

More details: https://pedrorijo.com/blog/scala-play-auth/

Answer 2

If your only goal is using some temporary authentication for app which will not use authentication in the production .htaccess (a.k.a basic auth) is acceptable solution.

Otherwise you should build the authentication/authorization into your app's logic as ssbb pointed. (there are some ready to use plugins for Play 2.x)

The easiest way for using .htaccess auth is... using it. As that's Apache's mechanism, just use the Apache as a HTTP frontend server to control the access to your Play app. Of course you can also use any other, lighter HTTP server which delivers basic auth like nginx or lighttpd

Answer 3

htaccess SHOULD NOT BE USE AS AUTHENTICATION METHOD !!!!!!!

May i suggest you https://www.playframework.com/documentation/2.1.0/JavaGuide4