AuthFilter secures your Play 2.1.1 web application by allowing only requests that contain a secret access key. Once authenticated the secret key is stored in the session object for convenience.

AuthFilter.scala

package util
 
import play.api.mvc._
import play.api.Logger
 
object AuthFilter extends Filter {
  val accessParam = "access_key"
  val accessKey = "secret"
 
  override def apply(next: RequestHeader => Result)(request: RequestHeader): Result = {
    val param = request.getQueryString(accessParam).orElse(request.session.get(accessParam))
    if (param.getOrElse() != accessKey) {
      Logger.error("Non-authenticated access from host: " + request.remoteAddress)
      Results.NotFound.withNewSession
    } else {
      next(request).withSession(request.session + (accessParam -> accessKey))
    }
  }
 
  def validSession(): (String, String) = {
    (accessParam, accessKey)
  }
}

see http://www.marcusschiesser.de/2013/04/securing-your-play-2-1-1-web-application-using-a-filter/