Skip to content

Instantly share code, notes, and snippets.

@guillaumebort
Created April 7, 2012 12:05
Show Gist options
  • Star 37 You must be signed in to star a gist
  • Fork 11 You must be signed in to fork a gist
  • Save guillaumebort/2328236 to your computer and use it in GitHub Desktop.
Save guillaumebort/2328236 to your computer and use it in GitHub Desktop.
HTTP Basic Authorization for Play 2.0
def Secured[A](username: String, password: String)(action: Action[A]) = Action(action.parser) { request =>
request.headers.get("Authorization").flatMap { authorization =>
authorization.split(" ").drop(1).headOption.filter { encoded =>
new String(org.apache.commons.codec.binary.Base64.decodeBase64(encoded.getBytes)).split(":").toList match {
case u :: p :: Nil if u == username && password == p => true
case _ => false
}
}.map(_ => action(request))
}.getOrElse {
Unauthorized.withHeaders("WWW-Authenticate" -> """Basic realm="Secured"""")
}
}
def myAction = Secured("admin", "1234secret") {
Action { request =>
Ok
}
}
@EdgeCaseBerg
Copy link

I think that line 4 of Secured.scala needs to be updated to handle : in password. As noted in this blog post the password can have a colon which means that code above wouldn't handle those passwords properly.

Just a note, that blog post actually doesn't handle colons correctly, I have made a note on the author's gist and forked my own which handles colons correctly here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment