用户认证 - Play 框架，Java

Question

I am new to Play Framework. I am doing practicing (Play+Java) by creating various types of scenario eg link with the DB, retrieve data from Database using JPA, Master Detail forms, saving data into database etc.

I want to implement user authentication. User login to application. To access application user must have authorization.

For example : Employee - Add/Edit/View/Delete. Some users may have all the authorization and some users have View only or Add/Edit/Delete or only Edit. Even in Employee Edit option user can only edit certain field eg Emplyee name is not allowed but employee's address can edit. ie field level authorization.

Thanks

Answer 1

1. use an Authentication Controller to check user login id/password class AuthController @Inject()(cache: CacheApi, cached: Cached, actorSystem: ActorSystem) extends Controller {

2. if id/password is correct, generate an UUID key, and stored user object (uservo) in memory cache with UUID key. The key can be stored in browser cookie.

val cacheTimeout = 10.minutes val key = UUID.randomUUID.toString cache.set(key, uservo, cacheTimeout) Ok().withSession( request.session + ("key" -> key) )

3. We can get cookie with "key" value in the following html requests. If the key can be retrieved from memory cache, the user is valid to do the action. Remember to set the cookie value again, or else the cached uservo in memory cache will timeout after 10 minutes

(request.session.get("key").flatMap { key => cache.get[Uservo](key) } map { uservo => // need to set cache with "key" again, or else the memory will timeout in 10 minutes cache.set(request.session.get("key").get, uservo, cacheTimeout) // do the action.. }).orElse { // failed and return to login home page Some(Future(Redirect("/").withNewSession)) }