java playframework playframework-2.2 play-authenticate deadbolt

Play Framework Authorization Java


Does anybody know if there's a Play Framework module that allows you to authorize pages dynamically in Java?

I'm using the play-authenticate/deadbolt modules (http://joscha.github.io/play-authenticate/ and https://github.com/schaloner/deadbolt-2) for the authentication/authorization mechanism. However, deadbolt doesn't have a straightforward sample on how to implement authorization per page or resource. It does have the ability to create dynamic constraints, but the docs are limited and don't tell you if you can create per-page authorization using a model or something else.

I'm thinking of creating a model "Page" that allows you to keep track of all the permissions per page dynamically. Is there a better way?

Thanks.


Solution

  • You could do this in Deadbolt by wrapping your page content in a dynamic tag. The name given to the tag maps to a DynamicResourceHandler, which can then do a lookup in the DB to see if the current user has access to the page.

    For example, your view would look like this:

    @(handler: my.app.MyDynamicResourceHandler)
    
    @dynamic("handlerName", "pageKey", handler) {
      Your page content goes here
    }
    

    And the handler's isAllowed method would be implemented along the lines of

    public boolean isAllowed(String name,
                             String meta,
                             DeadboltHandler deadboltHandler,
                             Http.Context context)
    {
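        // Resolve the current user for this request
        Subject subject = deadboltHandler.getSubject(context);
        // Deny by default; replace with a check of your user's access
        // to the page key (provided as the meta argument)
        boolean result = false;
        return result;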
    }
    

    The documentation is being improved at the moment, and in the meantime you can see more examples at http://deadbolt-2-java.herokuapp.com/#template-dynamic
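The per-page lookup that the handler's isAllowed method delegates to can be kept separate from Deadbolt and made to fail closed. The following is an added example, not code from the answer or from the Deadbolt project: the class `PageAccessPolicy`, its methods, the page keys and the role names are all hypothetical, and an in-memory map stands in for the "Page" model from the question.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Hypothetical page-permission lookup; not part of Deadbolt. */
public class PageAccessPolicy {

    // Stand-in for a "Page" model: page key -> roles allowed to view it.
    // Constructed sample data; a real application would load this from the database.
    private final Map<String, Set<String>> allowedRolesByPage =
            new HashMap<String, Set<String>>();

    public void grant(String pageKey, String... roles) {
        Set<String> allowed = allowedRolesByPage.get(pageKey);
        if (allowed == null) {
            allowed = new HashSet<String>();
            allowedRolesByPage.put(pageKey, allowed);
        }
        allowed.addAll(Arrays.asList(roles));
    }

    /**
     * Fails closed: a missing subject, a missing page key, or a page key with
     * no registered permissions is denied rather than treated as public.
     */
    public boolean isAllowed(Set<String> subjectRoles, String pageKey) {
        if (subjectRoles == null || pageKey == null) {
            return false;
        }
        Set<String> allowed = allowedRolesByPage.get(pageKey);
        if (allowed == null) {
            return false; // unknown page key: deny
        }
        // Allowed when the subject holds at least one of the page's roles.
        return !Collections.disjoint(allowed, subjectRoles);
    }

    public static void main(String[] args) {
        PageAccessPolicy policy = new PageAccessPolicy();
        policy.grant("reports.monthly", "admin", "analyst");
        Set<String> analyst = new HashSet<String>(Arrays.asList("analyst"));
        System.out.println(policy.isAllowed(analyst, "reports.monthly"));
        System.out.println(policy.isAllowed(analyst, "unknown.page"));
        System.out.println(policy.isAllowed(null, "reports.monthly"));
    }
}
```

Inside the handler, the page key arrives as the meta argument and the role set would be built from the subject returned by the DeadboltHandler.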