5. Identity Providers
A provider implements the logic required to support an
authentication scheme.
OAuth 1: Twitter, LinkedIn
OAuth 2: Facebook, Google, GitHub
OpenID (coming soon)
Username and Password
Your own provider
6. Identity
Represents a user in a Provider
Providers return an instance of this trait upon successful
authentication
Modeled with a trait in Scala and an interface on the Java API
trait Identity {
  def id: UserId
  def firstName: String
  def lastName: String
  def fullName: String
  def email: Option[String]
  def avatarUrl: Option[String]
  def authMethod: AuthenticationMethod
  def oAuth1Info: Option[OAuth1Info]
  def oAuth2Info: Option[OAuth2Info]
  def passwordInfo: Option[PasswordInfo]
}
7. UserService
Provides a way to persist/find Identities from a backing store
No persistence mechanism is imposed; the developer is free to
use anything
Any class implementing Identity can be returned: this allows
you to return your own model class
trait UserService {
  def find(id: UserId): Option[Identity]
  def findByEmailAndProvider(email: String, providerId: String): Option[Identity]
  def save(user: Identity)
  // the methods that handle tokens are used
  // in sign up and reset password requests
  def save(token: Token)
  def findToken(token: String): Option[Token]
  def deleteToken(uuid: String)
  def deleteExpiredTokens()
}
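A minimal in-memory UserService, added here as an example and not part of SecureSocial or these slides. It assumes SecureSocial 2.x, where the service is wired in as a plugin by extending UserServicePlugin(application), UserId is UserId(id, providerId), and Token carries uuid, email and an isExpired check.

```scala
import play.api.Application
import securesocial.core._
import securesocial.core.providers.Token
import scala.collection.mutable

// Added example, not SecureSocial's own code. Assumes SecureSocial 2.x:
// UserServicePlugin(application) registers the service as a Play plugin,
// UserId is UserId(id, providerId), and Token has uuid, email and isExpired.
class InMemoryUserService(application: Application)
  extends UserServicePlugin(application) {

  // keyed by (user id, provider id): one e-mail may exist in several providers
  private val users  = mutable.Map[(String, String), Identity]()
  private val tokens = mutable.Map[String, Token]()

  def find(id: UserId): Option[Identity] =
    users.get((id.id, id.providerId))

  def findByEmailAndProvider(email: String, providerId: String): Option[Identity] =
    users.values.find { u =>
      u.id.providerId == providerId && u.email.exists(_.equalsIgnoreCase(email))
    }

  def save(user: Identity) {
    users.put((user.id.id, user.id.providerId), user)
  }

  // sign-up / password-reset tokens: time limited and removed once redeemed
  def save(token: Token) { tokens.put(token.uuid, token) }

  // an expired token is reported as absent so it can never be redeemed,
  // even before the periodic cleanup below has run
  def findToken(token: String): Option[Token] =
    tokens.get(token).filterNot(_.isExpired)

  def deleteToken(uuid: String) { tokens.remove(uuid) }

  def deleteExpiredTokens() {
    val stale = tokens.collect { case (uuid, t) if t.isExpired => uuid }.toList
    tokens --= stale
  }
}
```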
8. Installation
Available as a downloadable dependency
Stable versions and master snapshots
object ApplicationBuild extends Build {
  val appName = "MyApp"
  val appVersion = "1.0"
  val appDependencies = Seq(
    "securesocial" % "securesocial_2.9.1" % "2.0.7"
  )
  val main = PlayProject(appName, appVersion, appDependencies, mainLang = SCALA).settings(
    resolvers += Resolver.url("SecureSocial Repository", url("http://securesocial.ws/repository/releases/"))(Resolver.ivyStylePatterns)
  )
}
9. Configuration
Settings go in a securesocial section of your conf file
Global settings: onLoginGoTo, onLogoutGoTo, ssl
securesocial {
  onLoginGoTo=/
  onLogoutGoTo=/login
  ssl=false
}
12. Protecting Actions
SecuredAction: intercepts requests and redirects them to a
login page if the user is not authenticated (returns
unauthorized error for ajax calls)
Authorization: SecuredActions can receive an Authorization
instance that checks if an authenticated user is authorized to
execute it. Renders an error page (returns forbidden for ajax
calls)
13. SecuredAction
Add the SecureSocial trait to your controllers
def myAction = SecuredAction { implicit request =>
  Ok(views.html.index(request.user))
}
def myAjaxCall = SecuredAction(true) { implicit request =>
  Ok(Json.toJson(Map("message" -> "hello"))).as(JSON)
}
14. Authorization
To add authorization logic to an action you need to implement
the Authorization trait.
case class WithRole(role: Role) extends Authorization {
  def isAuthorized(identity: Identity): Boolean = {
    identity match {
      case user: User => user.hasRole(role)
      case _ =>
        Logger.error("Did not get a SessionUser object")
        false
    }
  }
}
def myAction = SecuredAction(WithRole(Admin)) { implicit request =>
  Ok(views.html.index(request.user))
}
15. UsernamePassword Provider
Enforces sign-up, login and password-recovery flows that
prevent information leaks
Password change functionality
Enforces password strength and hashing
16. Password Validator
Used to enforce password strength
DefaultPasswordValidator: checks the length specified in the
settings file
To customize, implement the PasswordValidator and register
it in the play.plugins file
trait PasswordValidator extends Plugin {
  def isValid(password: String): Boolean
  def errorMessage: String
}
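A custom validator that goes beyond the length check of DefaultPasswordValidator, added here as an example (not SecureSocial's own code). The threshold values are chosen for the example, the constructor takes a Play Application as any Plugin does, and the class is registered in play.plugins as the slide describes.

```scala
import play.api.Application
import securesocial.core.PasswordValidator

// Added example, not SecureSocial's own code. Beyond the length check of
// DefaultPasswordValidator it requires three of four character classes and
// rejects long runs of one repeated character. minLength and maxRun are
// values chosen for this example; register the class in play.plugins.
class StrongPasswordValidator(application: Application) extends PasswordValidator {
  private val minLength = 12
  private val maxRun    = 3   // "aaaa" or "1111" inside a password is rejected

  private val classes = Seq[Char => Boolean](
    _.isLower, _.isUpper, _.isDigit, c => !c.isLetterOrDigit
  )

  private def classesPresent(p: String): Int =
    classes.count(test => p.exists(test))

  // a window of maxRun + 1 identical characters means a run that is too long;
  // the length guard covers sliding() returning a short window for short input
  private def hasLongRun(p: String): Boolean =
    p.sliding(maxRun + 1).exists(w => w.length > maxRun && w.distinct.length == 1)

  def isValid(password: String): Boolean =
    password.length >= minLength &&
    classesPresent(password) >= 3 &&
    !hasLongRun(password)

  // one message for every failure: it states the policy, nothing more
  def errorMessage: String =
    ("Password must have at least %d characters, use three of: lower case, " +
     "upper case, digits, symbols, and not repeat a character more than %d " +
     "times in a row").format(minLength, maxRun)
}
```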
17. Password Hasher
The built-in (and recommended) hasher is based on bcrypt
Several can be configured, allowing easy migration to new
algorithms as needed
PasswordInfo: stores the hashed password, an optional salt
and the hasher id
Passwords are hashed with the 'default' hasher
trait PasswordHasher extends Plugin with Registrable {
  def hash(plainPassword: String): PasswordInfo
  def matches(passwordInfo: PasswordInfo, suppliedPassword: String): Boolean
}
```
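A bcrypt hasher with a raised work factor and a helper that shows how several registered hashers make migration possible, added here as an example (not SecureSocial's own code). It assumes SecureSocial 2.x, where PasswordInfo is PasswordInfo(hasher, password, salt) and Registrable requires an id, and uses the jBCrypt library; HashMigration is a hypothetical helper, not a SecureSocial hook.

```scala
import org.mindrot.jbcrypt.BCrypt
import play.api.Application
import securesocial.core.{PasswordHasher, PasswordInfo}

// Added example, not SecureSocial's own code. Assumes SecureSocial 2.x:
// PasswordInfo(hasher, password, salt) and Registrable's `id`. The id is
// stored with every hash, which is what lets old and new hashers coexist.
class StrongBcryptHasher(application: Application) extends PasswordHasher {
  val id = "bcrypt12"              // recorded in PasswordInfo.hasher
  private val logRounds = 12       // 2^12 iterations; tune to your hardware

  def hash(plainPassword: String): PasswordInfo =
    // bcrypt embeds its random salt in the hash string, so salt stays None
    PasswordInfo(id, BCrypt.hashpw(plainPassword, BCrypt.gensalt(logRounds)))

  def matches(passwordInfo: PasswordInfo, suppliedPassword: String): Boolean =
    // refuse to verify a hash produced by some other hasher under this id
    passwordInfo.hasher == id &&
      BCrypt.checkpw(suppliedPassword, passwordInfo.password)
}

// Hypothetical helper (not part of SecureSocial): once a login has succeeded
// against the old hasher, re-hash with the current default so the stored
// PasswordInfo migrates to the new algorithm without a forced reset.
object HashMigration {
  def upgradeIfStale(stored: PasswordInfo, plain: String,
                     current: PasswordHasher): PasswordInfo =
    if (stored.hasher == current.id) stored else current.hash(plain)
}
```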
18. Views Customization
Built-in templates use Twitter Bootstrap
TemplatesPlugin: used to render views/emails
To customize: change css or implement and register it
instead of the default one
def getLoginPage[A](implicit request: Request[A],
                    form: Form[(String, String)],
                    msg: Option[String] = None): Html
def getSignUpEmail(token: String)(implicit request: RequestHeader): String

def getLoginPage[A](implicit request: Request[A],
                    form: Form[(String, String)],
                    msg: Option[String] = None): Html = {
  securesocial.views.html.login(form, msg)
}
def getSignUpEmail(token: String)(implicit request: RequestHeader): String = {
  securesocial.views.html.mails.signUpEmail(token).body
}
19. Internationalization
Built-in messages are extracted
To customize: copy the messages from the sources into your
messages file and change as needed
securesocial.login.title=Login
securesocial.login.here=here
securesocial.login.invalidCredentials=Invalid credentials
securesocial.login.forgotPassword=Did you forget your password?
20. Creating an Identity Provider
abstract class IdentityProvider(application: Application)
  extends Plugin with Registrable
{
  ...
  def doAuth[A]()(implicit request: Request[A]): Either[Result, SocialUser]
  def fillProfile(user: SocialUser): SocialUser
  ...
}