Reputation: 5116
Play's default Security Authentication Filter not hit
I am trying to implement the Play's Authentication by extending the Security.Authenticator class. I am using Play 2.4.2 (Damiya ) and here is my code.
public class Secured extends Security.Authenticator{
public Secured() {
Logger.info("In secured constructor....");
}
@Override
public String getUsername(Context context) {
return context.session().get("loggedin_user");
}
@Override
public Result onUnauthorized(Context context) {
return redirect(routes.Application.index());
}
}
I think this class which extends Security.Authenticator acts as J2EE filter intercepting every single request. But I haven't seen a single time the constructor logger printed. Correct me if I misunderstood the concept of Security.Authenticator, let me know how it works.
I tried to use @Security.Authenticated on top of one of the action method in controller and the class is not even compiling despite throwing the following compile time error.
package Security does not exist Security.Authenitcated
I guess some library is missing, Is the process of Play's Authentication changed in Play 2.4.2 version? Does this Secured class filters all requests checking for authentication?
Update:
After keeping the @Authenticated annotation from play.mvc.Security.Authenticated on top the action method in controller request is filtered at Secured class. I noticed that each time request is passed through the Security class, it's constructors logger message is printed. Does it mean each time a new Secured object is created?
Upvotes: 1
Views: 874
Answers (2)
Reputation: 590
I'm aware you have found your answer for your question but in case of you want to use an injected service in your Security.Authenticator implementation which you probably will (because Play 2.4.* uses DI), you will get injection errors. This was an issue for Play 2.4.2 and solved in new Play 2.4.3 version. I suggest you to upgrade your version of Play.
The issue can be found in this link.
As an example something like this, will cause an error in 2.4.2, but not in 2.4.3;
@Singleton
public class SecurityGuard extends Security.Authenticator {
String message;
@Inject
Response response; // injected play service
@Override
public String getUsername(Http.Context ctx) {
// removed code
}
@Override
public Result onUnauthorized(Http.Context ctx) {
return response.unauthorized(message);
}
}
Upvotes: 2
Reputation: 8263
Did you import Security.Authentification or play.mvc.Security.Authenticator
in the case of
import Security.Authentification;
I receive
Compilation error[package Security does not exist]
In the case of
import play.mvc.Security.Authenticator;
All works as expected. So I am pretty sure you just do wrong import.
Update: "I noticed that each time request is passed through the Security class, it's constructors logger message is printed. Does it mean each time a new Secured object is created?"
Yes. I check the Play source code and verify that it creates new instance each time request is passed.
Authenticator authenticator = injector.instanceOf(configuration.value());
String username = authenticator.getUsername(ctx);
Upvotes: 1
Related Questions
- Not able to find play.filters package
- Configuration key 'authorizationUrl' is set to null but expected STRING]
- Authentication in Play 2.3.x
- Authentication with Play! 2.4
- SecureSocial 3.0-M3 Custom Login view with play 2.3.9
- Play framework 2 authentication options
- play2-auth don't recognize user after login
- Play Framework handle Authorization not authentication
- install play-authenticate plugin
- SecureSocial configuration issue with Play 2.1