Controllers (Basics)
Play controllers are used for performing all HTTP actions. The security features available to the controllers depend on the authentication provider in use (currently only local authentication and Auth0 are supported).
Note: The actual handler signatures have been removed for brevity; check the core3.http.controllers package for more details.
Warning: The use of local auth should be avoided for anything but the most trivial of applications. It was created with the intention of providing a basic alternative to Auth0 (and any future providers) and the ability to quickly create a PoC system without much configuration.
```scala
trait ClientControllerBase[T <: UserTokenBase] extends InjectedController {
  def AuthorizedAction(requiredGroup: ActionGroup, ... handlers ...): Action[AnyContent]
  def PublicAction(okHandler: ...): Action[AnyContent]
  def LoginAction(... handlers ...): Action[AnyContent]
  def LogoutAction(returnToURI: Option[String] = None): Action[AnyContent]
}
```
- AuthorizedAction(...) - for routes that require authentication and authorization; anything that needs to be secured needs to be built on top of this action
- PublicAction(...) - for routes that do NOT require authentication and authorization; anything that needs to be public can be built on top of this action, but it can also be used to provide one response for authenticated users and a different one for unauthenticated users
- LoginAction(...) - for user login handling
- LogoutAction(...) - for user logout handling
With Auth0, users authenticate via Auth0's service, which responds with a JWT. The token is then used to determine the level of access the user has (if any). The various authentication and authorization options depend almost entirely on the functionality provided by Auth0.
With local auth, authentication and authorization data is provided entirely by the local system via a credentials database (and the LocalUser container). This controller is based on username-password pairs for authentication and a list of available permissions for authorization.
Warning: The use of local auth should be avoided.
```scala
trait ServiceControllerBase[T <: UserTokenBase] extends InjectedController {
  def UserAwareAction(requiredScope: ActionScope, ... handlers ...): Action[AnyContent]
  def ClientAwareAction(requiredScope: ActionScope, ... handlers ...): Action[AnyContent]
  def PublicAction(okHandler: ...): Action[AnyContent]
}
```
- UserAwareAction(...) - for routes that require both (non-interactive) client and user security auth
- ClientAwareAction(...) - for routes that require client-only authentication and authorization
- PublicAction(...) - for routes that do NOT require authentication and authorization; anything that needs to be public can be built on top of this action, but it can also be used to provide one response for authenticated users and a different one for unauthenticated users
With Auth0, the service controller uses Auth0 delegation tokens to identify other applications and user access tokens to identify the users of those applications.
With local auth, the service controller works in the same way as the local auth ClientController.
Warning: The use of local auth should be avoided.
The handlers accepted by the actions above are:
- okHandler - handler to be executed when all operations (login, authenticate and authorize, etc.) complete successfully
- unauthorizedHandler - handler to be executed when the user is not authenticated or the authentication failed (depending on action)
- forbiddenHandler - handler to be executed when the user is authenticated but does not have permission to access the resource
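The following is an added illustration, not core3 code, of the decision sequence that AuthorizedAction and the three handlers above imply: authenticate first, then check the required group, then run exactly one handler. The Token, ActionGroup and Result types and the authenticate/lookup functions are simplified stand-ins assumed for the example; the real signatures live in the core3.http.controllers package.

```scala
import scala.concurrent.duration._
import scala.concurrent.{Await, Future}

object AuthorizedActionModel {
  // Simplified stand-ins for UserTokenBase / ActionGroup / Play's Result (assumed, not core3's types).
  final case class Token(userId: String, groups: Set[String], expired: Boolean)
  final case class ActionGroup(name: String)
  final case class Result(status: Int, body: String)

  type OkHandler = Token => Future[Result]
  type ErrorHandler = () => Future[Result]

  // Step 1, authenticate: resolve the bearer value to a token and reject expired ones.
  // A real provider (Auth0 JWT validation, local credentials DB) does far more here.
  def authenticate(bearer: Option[String], lookup: String => Option[Token]): Option[Token] =
    bearer.flatMap(lookup).filterNot(_.expired)

  // Step 2, authorize and dispatch: exactly one of the three handlers runs.
  def authorizedAction(
    requiredGroup: ActionGroup,
    okHandler: OkHandler,
    unauthorizedHandler: ErrorHandler,
    forbiddenHandler: ErrorHandler
  )(bearer: Option[String], lookup: String => Option[Token]): Future[Result] =
    authenticate(bearer, lookup) match {
      case None                                              => unauthorizedHandler() // not authenticated
      case Some(t) if !t.groups.contains(requiredGroup.name) => forbiddenHandler()    // authenticated, wrong group
      case Some(t)                                           => okHandler(t)          // authenticated and authorized
    }

  // Constructed sample tokens for the demo (not real credentials).
  val tokens: Map[String, Token] = Map(
    "tok-admin" -> Token("alice", Set("admin", "users"), expired = false),
    "tok-user"  -> Token("bob",   Set("users"),          expired = false),
    "tok-old"   -> Token("carol", Set("admin"),          expired = true)
  )

  // A route that only members of the "admin" group may call.
  val deleteUser: Option[String] => Future[Result] = authorizedAction(
    ActionGroup("admin"),
    t  => Future.successful(Result(200, s"deleted by ${t.userId}")),
    () => Future.successful(Result(401, "unauthorized")),
    () => Future.successful(Result(403, "forbidden"))
  )(_, tokens.get)

  def main(args: Array[String]): Unit =
    Seq(Some("tok-admin"), Some("tok-user"), Some("tok-old"), None).foreach { bearer =>
      println(s"$bearer -> ${Await.result(deleteUser(bearer), 1.second)}")
    }
}
```

Running main yields 200 for tok-admin, 403 for tok-user (authenticated but not in the group), and 401 for both the expired token and the missing one, which is the split between unauthorizedHandler and forbiddenHandler described above.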