How to protect static files with authorization ActionBuilder In Play 2.5 Framework

Question

I have an ActionBuilder I use on most REST endpoints in my Play 2.5 app:

  def IfAuthorized(auths: Authorizations*): ActionBuilder[AuthRequestWithAuthorization] = {
    new MyAuthActionBuilder(auths.toList)
  }

which I can use as :

  def status = IfAuthorized(Editor).async { implicit authReq =>
      //eventually return Result
  }

Now I want to wrapp the static files requests in the same ActionBuilder. Currently I use this oneliner, which enables me to serve html, js, css etc., all returned/cached without my interference:

GET         /ui/*file                  controllers.Assets.versioned(path="/public", file: Asset)

I'm not sure how to shove in the ActionBuilder. A poor attempt to return the initial html page include:

  def index()= IfAuthorized(Editor) {  authReq =>
    val contentStream = this.getClass.getResourceAsStream("/public/index.html")
    Ok.chunked(Enumerator.fromStream(contentStream)).as(HTML)
  }

This Action is only able to return a specific html file, whereas I want all static assets returned from 1 route, protected by my custom ActionBuilder

Answer 1

You will need to implement your own asset controller: The route

GET   /auth/*file   controllers.AuthAssets.at(path="/public", file: String)

would point to the following endpoint:

class AuthAssets extends Controller {
    def at(path: String, file: String) = IfAuthorized(Editor) {  authReq =>
        val contentStream = this.getClass.getResourceAsStream(path + file)
        Ok.chunked(Enumerator.fromStream(contentStream))
    }
}