Created
April 27, 2013 19:04
-
-
Save marcusschiesser/5474213 to your computer and use it in GitHub Desktop.
AuthFilter secures your Play 2.1.1 web application by allowing only requests that contain a secret access key. Once authenticated the secret key is stored in the session object for convenience.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package util | |
import play.api.mvc._ | |
import play.api.Logger | |
object AuthFilter extends Filter { | |
val accessParam = "access_key" | |
val accessKey = "secret" | |
override def apply(next: RequestHeader => Result)(request: RequestHeader): Result = { | |
val param = request.getQueryString(accessParam).orElse(request.session.get(accessParam)) | |
if (param.getOrElse() != accessKey) { | |
Logger.error("Non-authenticated access from host: " + request.remoteAddress) | |
Results.NotFound.withNewSession | |
} else { | |
next(request).withSession(request.session + (accessParam -> accessKey)) | |
} | |
} | |
def validSession(): (String, String) = { | |
(accessParam, accessKey) | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
see http://www.marcusschiesser.de/2013/04/securing-your-play-2-1-1-web-application-using-a-filter/