Called when a user attempts to access an action that requires authentication and they are not properly authenticated. Implement this method to specify what happens when a user is not logged in. For example, return 403 Forbidden, or redirect them to a login page.
The unauthenticated request.
The Result you would like to return to the user when they are unauthenticated.
Called when a user attempts to access an action that requires authorization, but they are not authorized via AuthConfig#authorize. Implement this method to specify what happens when a user is not authorized to access a resource. For example, return 403 Forbidden.
The unauthorized request.
The user that initiated the unauthorized request.
The authority key the user was denied from accessing.
The Result you would like to return to the user when they are unauthorized.
Determines whether or not a user is authorized to perform a certain action by authority key. Implement this method to connect your own authorization scheme from your application.
The user requesting authorization to perform an action.
The authority key associated with the action.
True if the user is authorized, which will allow the action to proceed. Otherwise false, and the user will be denied access and informed via AuthConfig#authorizationFailed.
Determines where to redirect the user by default after successfully logging in. Implement this method to specify where to direct a user after Login#gotoLoginSucceeded is called.
The original request used to authenticate.
A Result typically directing the user to a default URL to be seen after logging in, which will have additional headers applied to set cookies on top of the provided Result.
Determines where to redirect the user by default after logging out. Implement this method to specify where to direct a user after Logout#gotoLogoutSucceeded is called.
The request that initiated the logout action.
A Result typically directing the user to a default URL to be seen after logging out, which will additionally contain headers to discard any Play Sentry cookies on top of the provided Result.
Resolves a user by ID. Implement this method to connect the user type from your own application.
The ID of the user to find.
The user, if found, otherwise None.
Defines the maximum lifespan of a session. Each session's timeout is reset to this value every time a request in that session is successfully authenticated.
The AuthConfig defines the behavior of an application where it intersects with the authentication and authorization system. This will allow Sentry to know how to find a user in your application, how to authorize them, and where to direct them when these actions succeed or fail.
Most of the work involved in integrating Play Sentry into your application is implementing your own AuthConfig. Your own AuthConfig should be a class that extends this type, fixes the Env type, and implements all of the methods to customize it to your application's desired behavior.
The environment type of your application.
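
The decisions described above, as an added example that is not Play Sentry's code or API: a self-contained Scala model of how user resolution, the sliding session timeout, and authorization by authority key combine, and why "unauthenticated" and "unauthorized" produce different outcomes. Every name in it (AuthConfigSketch, Role, Session, Outcome, check) is hypothetical, and the user store and clock values are constructed sample data.

```scala
import scala.concurrent.duration._

// Hypothetical, self-contained model; none of these names are Play Sentry's API.
object AuthConfigSketch {
  sealed trait Role                                   // stands in for the authority key
  case object Admin extends Role
  case object Member extends Role

  final case class User(id: Long, role: Role)
  final case class Session(userId: Long, expiresAt: Long) // expiry in epoch millis

  sealed trait Outcome
  final case class Allowed(user: User, renewed: Session) extends Outcome
  case object RedirectToLogin extends Outcome              // authentication failed
  final case class Denied(userId: Long, key: Role) extends Outcome // authorization failed

  // Constructed sample data standing in for the application's user store.
  private val users = Map(1L -> User(1L, Admin), 2L -> User(2L, Member))
  val sessionTimeout: FiniteDuration = 30.minutes

  def resolveUser(id: Long): Option[User] = users.get(id)

  // Deny by default: only an explicit match grants access.
  def authorize(user: User, key: Role): Boolean = (user.role, key) match {
    case (Admin, _)       => true
    case (Member, Member) => true
    case _                => false
  }

  // Expired sessions and sessions whose user no longer resolves are both
  // treated as unauthenticated; a known user without the key is denied.
  def check(session: Option[Session], key: Role, now: Long): Outcome =
    session.filter(_.expiresAt > now).flatMap(s => resolveUser(s.userId)) match {
      case None => RedirectToLogin
      case Some(u) if authorize(u, key) =>
        Allowed(u, Session(u.id, now + sessionTimeout.toMillis)) // sliding timeout
      case Some(u) => Denied(u.id, key)
    }

  def main(args: Array[String]): Unit = {
    val now = 1000000L // constructed clock value
    val live = Some(Session(2L, now + 1))
    println(check(None, Member, now))                       // no session
    println(check(Some(Session(2L, now - 1)), Member, now)) // expired session
    println(check(Some(Session(9L, now + 1)), Member, now)) // user no longer exists
    println(check(live, Admin, now))                        // lacks the authority key
    println(check(live, Member, now))                       // allowed, expiry renewed
  }
}
```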