milo-minderbender edited this page Aug 17, 2012 · 20 revisions

Play2.0 module for Authentication and Authorization

This module offers Authentication and Authorization features to Play2.0 applications.

Target

This module targets the Scala version of Play2.0.

For the Java version of Play2.0, there is an authorization module called Deadbolt 2.

This module has been tested on Play2.0 final and Play2.0.1.

Motivation

Play2.0's Existing Security trait

The existing Security trait in Play2.0 API does not define an identifier that identifies a user.

If you use an email address or a user ID as the identifier, users cannot invalidate their session if the session cookie is intercepted.

This module creates a unique SessionID using a secure random number generator. Even if the sessionId cookie is intercepted, users can invalidate the session by logging in again. Your application can expire sessions after a set time limit.
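
The following sketch shows the session-ID scheme described above. It is an added example, not code from this module: SessionStore, login, resolve and the injected clock are hypothetical names, and the store is a plain in-memory map.

```scala
import java.security.SecureRandom
import scala.collection.mutable

// Hypothetical in-memory store; names are illustrative, not the module's API.
class SessionStore(timeoutMillis: Long, now: () => Long = () => System.currentTimeMillis()) {
  private val random = new SecureRandom()
  private case class Entry(userId: String, expiresAt: Long)
  private val byToken = mutable.Map.empty[String, Entry]
  private val tokenByUser = mutable.Map.empty[String, String]

  // 32 bytes (256 bits) from a CSPRNG, hex-encoded for use as a cookie value.
  private def newToken(): String = {
    val bytes = new Array[Byte](32)
    random.nextBytes(bytes)
    bytes.map(b => f"${b & 0xff}%02x").mkString
  }

  // Logging in drops the user's previous session ID, so an intercepted cookie stops working.
  def login(userId: String): String = synchronized {
    tokenByUser.remove(userId).foreach(old => byToken.remove(old))
    val token = newToken()
    byToken(token) = Entry(userId, now() + timeoutMillis)
    tokenByUser(userId) = token
    token
  }

  // Resolve a cookie value to a user; unknown or expired IDs yield None.
  def resolve(token: String): Option[String] = synchronized {
    byToken.get(token) match {
      case Some(e) if e.expiresAt > now() => Some(e.userId)
      case Some(e) => // expired: purge both indexes
        byToken.remove(token); tokenByUser.remove(e.userId)
        None
      case None => None
    }
  }
}

object Demo extends App {
  var clock = 0L // constructed clock so the timeout can be exercised deterministically
  val store = new SessionStore(timeoutMillis = 1000, now = () => clock)
  val intercepted = store.login("alice")     // constructed scenario: this cookie leaks
  assert(store.resolve(intercepted) == Some("alice"))
  val fresh = store.login("alice")           // alice logs in again
  assert(store.resolve(intercepted).isEmpty) // the leaked ID no longer maps to a user
  clock = 1001
  assert(store.resolve(fresh).isEmpty)       // expired after the time limit
}
```

Because the cookie carries only the random ID, the server decides when a session ends; a cookie holding an email or user ID would stay valid for as long as the account exists.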

Flexibility

Since the Security trait in Play2.0 API returns Action, complicated action methods wind up deeply nested.

Play2.0-auth provides an interface that returns an Either[PlainResult, User], which makes writing complicated action methods easier. Either is a wrapper similar to Option