auth.gui

Class AuthSessionCookie

java.lang.Object

auth.gui.AuthSessionCookie

public class AuthSessionCookie
extends java.lang.Object

This class defines authentication via session cookies (which is the default authentication in the Play Framework).

It checks Play's session cookie and does authorization. It has several layers of security:

1) First, it checks if a username is in Play's session cookie and if this username belongs to a user in the database.

2) Check if the session timed out. The time span is defined in the application.conf.

3) Check if the session timed out due to inactivity of the user. With each request by the user, the time of last activity gets refreshed in the session.

4) Check if the logged-in user has the proper Role needed to access this page. This Role is an optional parameter in the AuthAction.Auth annotation.

5) It checks if the user was deactivated by an admin.

The AuthAction.Auth annotation does not check the user's password. This is done once during login (class SignIn).

The User object is put in the RequestScope for later use during request processing.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	auth.gui.AuthAction.AuthMethod.AuthResult Result of an authentication attempt.

Method Summary

Modifier and Type	Method and Description
auth.gui.AuthAction.AuthMethod.AuthResult	authenticate(play.mvc.Http.Request request, User.Role role)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

authenticate

public auth.gui.AuthAction.AuthMethod.AuthResult authenticate(play.mvc.Http.Request request,
                                                              User.Role role)

Parameters:

request - This action's Http.Request object

role - Role the user must have to access the resource

Returns:

Returns an AuthAction.AuthMethod.AuthResult.