HTTP Basic Authorization for Play 2.0
def Secured[A](username: String, password: String)(action: Action[A]) = Action(action.parser) { request =>
  request.headers.get("Authorization").flatMap { authorization =>
    authorization.split(" ").drop(1).headOption.filter { encoded =>
      new String(org.apache.commons.codec.binary.Base64.decodeBase64(encoded.getBytes)).split(":").toList match {
        case u :: p :: Nil if u == username && password == p => true
        case _ => false
      }
    }.map(_ => action(request))
  }.getOrElse {
    Unauthorized.withHeaders("WWW-Authenticate" -> """Basic realm="Secured"""")
  }
}

def myAction = Secured("admin", "1234secret") {
  Action { request =>
    Ok
  }
}

I think that line 4 of Secured.scala needs to be updated to handle `:` in the password. As noted in this blog post, the password can have a colon, which means that the code above wouldn't handle those passwords properly.

Just a note: that blog post actually doesn't handle colons correctly. I have made a note on the author's gist and forked my own, which handles colons correctly, here.
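
Added example, not part of the gist or of either comment: a framework-independent credential check for the colon issue raised above. It splits the decoded value on the first colon only (the gist's `split(":")` turns `admin:12:34:secret` into four parts and rejects it) and compares with `MessageDigest.isEqual` instead of `==`. The `BasicAuth` object and its method names are hypothetical; it assumes Java 8+ (`java.util.Base64`) and Scala 2.10+ (`scala.util.Try`).

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import scala.util.Try

// Hypothetical helper, not the gist's code.
object BasicAuth {
  /** Parse an Authorization header value into (user, password).
    * Only the FIRST colon separates the fields, so the password may contain
    * further colons (RFC 7617: the user-id itself cannot contain one). */
  def parse(header: String): Option[(String, String)] =
    header.trim.split("\\s+", 2) match {
      case Array(scheme, encoded) if scheme.equalsIgnoreCase("Basic") =>
        // Invalid Base64 throws IllegalArgumentException: treat it as "no credentials".
        Try(new String(Base64.getDecoder.decode(encoded.trim), UTF_8)).toOption.flatMap { decoded =>
          decoded.indexOf(':') match {
            case -1 => None // no separator at all
            case i  => Some((decoded.substring(0, i), decoded.substring(i + 1)))
          }
        }
      case _ => None // missing token or a different scheme (e.g. Bearer)
    }

  // MessageDigest.isEqual does not stop at the first differing byte.
  private def sameBytes(a: String, b: String): Boolean =
    MessageDigest.isEqual(a.getBytes(UTF_8), b.getBytes(UTF_8))

  def authorized(header: Option[String], username: String, password: String): Boolean =
    header.flatMap(parse).exists { case (u, p) =>
      // Non-short-circuit & so both fields are always compared.
      sameBytes(u, username) & sameBytes(p, password)
    }
}

object Demo extends App {
  // Build a header value from constructed sample credentials.
  private def basic(user: String, pass: String): String =
    "Basic " + Base64.getEncoder.encodeToString(s"$user:$pass".getBytes(UTF_8))

  assert(BasicAuth.parse(basic("admin", "12:34:secret")) == Some(("admin", "12:34:secret")))
  assert(BasicAuth.authorized(Some(basic("admin", "12:34:secret")), "admin", "12:34:secret"))
  assert(!BasicAuth.authorized(Some(basic("admin", "12")), "admin", "12:34:secret"))
  assert(!BasicAuth.authorized(Some("Basic not-base64!"), "admin", "12:34:secret"))
  assert(!BasicAuth.authorized(Some("Bearer abc"), "admin", "12:34:secret"))
  assert(!BasicAuth.authorized(None, "admin", "12:34:secret"))
  println("all checks passed")
}
```

In the gist's `Secured`, the filter body would become a call to `BasicAuth.authorized(request.headers.get("Authorization"), username, password)`.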
