Reputation: 16541
I have a REST API on my page and for authentication I use the Play session.
Problem is with authorization, I have tens of endpoints looking like this:
GET /api/domains/:domainId/properties/:propertyId/reports
I could add an if statement on each controller method to check whether the user has permissions to that domain or property, but can I handle it somehow globally?
I found this module, but it does not seem to handle parameters, just checks if user is in some group/role or not. https://www.playframework.com/documentation/1.0.2.1/secure
Upvotes: 1
Views: 523
Reputation: 26
I solved this using a custom RequestHandler. There you can extract parameters from the path and validate them. (In Scala I could even modify the request route in order to avoid repeating these parameters in all routes; I don't know if you can do it in Java too.) (See: https://www.playframework.com/documentation/2.4.x/JavaHttpRequestHandlers)
Upvotes: 1
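A sketch of the request-handler approach from the answer above, written against the Play 2.4 Java API it links to. This is an added example, not code from the original answer. The `PermissionStore` interface, the `userId` session key and the class name are assumptions. Besides the per-domain check it verifies that the property in the path belongs to the domain in the path, so a permitted domain id cannot be paired with another domain's property id.

```java
import java.lang.reflect.Method;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.inject.Inject;
import play.http.DefaultHttpRequestHandler;
import play.libs.F;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import play.mvc.Results;

public class AuthorizingRequestHandler extends DefaultHttpRequestHandler {

    /** Hypothetical permission lookup; back it with your own data store. */
    public interface PermissionStore {
        boolean canAccessDomain(String userId, String domainId);
        boolean propertyInDomain(String propertyId, String domainId);
    }

    // /api/domains/{domainId}[/properties/{propertyId}][/anything]
    private static final Pattern SCOPED = Pattern.compile(
        "^/api/domains/([^/]+)(?:/properties/([^/]+))?(?:/.*)?$");
    private final PermissionStore store;

    @Inject // assumes Play's dependency injection creates the handler
    public AuthorizingRequestHandler(PermissionStore store) { this.store = store; }

    @Override
    public Action createAction(Http.Request request, Method actionMethod) {
        return new Action.Simple() {
            @Override
            public F.Promise<Result> call(Http.Context ctx) throws Throwable {
                Matcher m = SCOPED.matcher(ctx.request().path());
                if (!m.matches()) {
                    return delegate.call(ctx); // not a domain-scoped route
                }
                String userId = ctx.session().get("userId"); // assumed session key
                if (userId == null) {
                    return F.Promise.<Result>pure(Results.unauthorized());
                }
                String domainId = m.group(1), propertyId = m.group(2);
                // Allowed only if every id found in the path checks out for this user.
                boolean allowed = store.canAccessDomain(userId, domainId)
                    && (propertyId == null || store.propertyInDomain(propertyId, domainId));
                return allowed ? delegate.call(ctx)
                               : F.Promise.<Result>pure(Results.forbidden());
            }
        };
    }
}
```

The ids are passed to the store as the raw path segments, so the store implementation should treat anything it does not recognise as "no access".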