HTTP Basic Authorization for Play 2.0
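def Secured[A](username: String, password: String)(action: Action[A]) = Action(action.parser) { request =>
  request.headers.get("Authorization").flatMap { authorization =>
    authorization.split(" ").drop(1).headOption.filter { encoded =>
      new String(org.apache.commons.codec.binary.Base64.decodeBase64(encoded.getBytes)).split(":").toList match {
        // Accept only a decoded value of exactly "user:password" that matches the expected pair
        case u :: p :: Nil if u == username && password == p => true
        case _ => false
      }
    }.map(_ => action(request)) // credentials matched: run the wrapped action
  }.getOrElse {
    // Missing, malformed or wrong credentials: challenge the client
    Unauthorized.withHeaders("WWW-Authenticate" -> """Basic realm="Secured"""")
  }
}

// Example: protect an action with fixed credentials
def myAction = Secured("admin", "1234secret") {
  Action { request =>
    Ok // handler body; runs only after the credentials check passes
  }
}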

EdgeCaseBerg commented Mar 8, 2016

I think that line 4 of Secured.scala needs to be updated to handle : in password. As noted in this blog post the password can have a colon which means that code above wouldn't handle those passwords properly.

Just a note, that blog post actually doesn't handle colons correctly, I have made a note on the author's gist and forked my own which handles colons correctly here
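
An added example, not part of the gist or of any commenter's fork: one way to parse the header so that a password containing `:` is accepted, by splitting the decoded value on the first colon only (RFC 7617 bars the colon from the user-id, not from the password), and to compare credentials without an early exit. It assumes Java 8+ for `java.util.Base64`; `BasicAuthParsing`, `parse`, `authorized` and the sample credentials are hypothetical names and constructed values.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import scala.util.Try

object BasicAuthParsing {
  // Parse an Authorization header value into (user, password).
  // Splits on the FIRST colon only, so the password may contain ':'.
  def parse(header: String): Option[(String, String)] =
    header.trim.split("\\s+", 2) match {
      case Array(scheme, encoded) if scheme.equalsIgnoreCase("Basic") =>
        // Invalid base64 throws IllegalArgumentException; treat it as "no credentials".
        Try(new String(Base64.getDecoder.decode(encoded.trim), UTF_8)).toOption.flatMap { decoded =>
          decoded.indexOf(':') match {
            case -1 => None // no separator: not a user:password pair
            case i  => Some((decoded.substring(0, i), decoded.substring(i + 1)))
          }
        }
      case _ => None // other scheme, or scheme with no credentials
    }

  // Compare without stopping at the first differing byte.
  private def sameBytes(a: String, b: String): Boolean =
    MessageDigest.isEqual(a.getBytes(UTF_8), b.getBytes(UTF_8))

  def authorized(header: Option[String], username: String, password: String): Boolean =
    header.flatMap(parse).exists { case (u, p) =>
      // Non-short-circuit & so both comparisons always run.
      sameBytes(u, username) & sameBytes(p, password)
    }

  // Builds a constructed sample header for the checks below.
  private def basic(userPass: String): String =
    "Basic " + Base64.getEncoder.encodeToString(userPass.getBytes(UTF_8))

  def main(args: Array[String]): Unit = {
    assert(parse(basic("admin:1234:secret")) == Some(("admin", "1234:secret")))
    assert(authorized(Some(basic("admin:1234:secret")), "admin", "1234:secret"))
    assert(!authorized(Some(basic("admin:1234")), "admin", "1234:secret"))
    assert(!authorized(Some("Basic !!!not-base64"), "admin", "1234:secret"))
    assert(!authorized(Some("Bearer abc"), "admin", "1234:secret"))
    assert(!authorized(None, "admin", "1234:secret"))
    println("all checks passed")
  }
}
```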
