
Implementing secure native Play Framework 2.3.x (Java style) authentication

First of all, I am fully aware of the authentication modules that are available to Play. That said, I am unable to implement even the simplest example code from, let's say, SecureSocial. With a little bit of research it became clear that a lot of things were broken in their example code provided here when the Play Framework updated to version 2.3.x.

With the help of online docs and the excellent video tutorial by Philip Johnson on implementing standard (unsafe) authentication I did successfully implement the following:

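// Secured.java
import play.mvc.Http.Context;
import play.mvc.Result;
import play.mvc.Security;

// Class which is used by the @Security annotation
public class Secured extends Security.Authenticator {

    // A non-null return value means the request is treated as authenticated
    @Override
    public String getUsername(Context ctx) {
        return ctx.session().get("auth");
    }

    // Called when getUsername() returns null: send the user to the login page
    @Override
    public Result onUnauthorized(Context ctx) {
        return redirect(routes.Application.login());
    }
}


// Application.java
import play.mvc.Controller;
import play.mvc.Result;
import play.mvc.Security;
import views.html.index;

// Controller class that serves routes
public class Application extends Controller {

    @Security.Authenticated(Secured.class)
    public static Result index() {
        return ok(index.render("Your new application is ready."));
    }

    public static Result login() {
        session().clear();
        session("auth", "a1234");   // dummy data simulating successful login
        return redirect(routes.Application.index());
    }
}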

I need to ultimately implement a safe login system to authenticate users.

My question is two-sided. What would be the better of the following: 'reinventing the wheel' (at least partly) by taking the working code base and improving it, or giving implementing one of the authentication modules another shot?

We all do not like reinventing the wheel; that said, I have a much better chance of successfully compiling when I made it myself, it seems...

I am aware that for a wholesome security-in-depth (aka layered security) a secure connection implementation is also needed (HTTPS with TLS 1.2 at the time of writing). This is beyond the scope of my question.

I don't know if there's a right answer to this question. Whether to build your own framework or to try an existing framework (which might not work perfectly) is a matter for your own judgement. Personally, I'd probably use SecureSocial as a starting point but then write my own code if I couldn't get it working. It sounds like this is the approach you've already tried.

To use SecureSocial you'd probably need to check out the master branch and build from source. It might be hard to use if the examples are out of date, but then again writing your own auth code is difficult too.
