authentication

Type Members

1. class AuthenticationException extends RuntimeException with NoStackTrace

   

2. trait AuthenticationFailureHandler extends AnyRef

   

3. case class AuthenticationFilter(strategy: AuthenticationStrategy)(implicit executor: ExecutionContext) extends Filter with Product with Serializable

   

   An AuthenticationFilter is a Filter that can be added to any endpoint to enforce authentication for requests.

   An AuthenticationFilter is a Filter that can be added to any endpoint to enforce authentication for requests.

   The AuthenticationFilter delegates to an AuthenticationStrategy to perform the underlying authentication details.

4. trait AuthenticationStrategy extends AnyRef

   

   An AuthenticationStrategy is responsible for retriving a Principal for the current request.

   An AuthenticationStrategy is responsible for retriving a Principal for the current request. How the Principal is retrieved is dependent on the type of strategy used.

   For example, the BasicAuthenticationStrategy, named after HTTP Basic Auth, creates a Principal based on the credentials provided in the Authorization header. If no credentials are supplied an appropriate 401 is returned.

   A SessionAuthenticationStrategy looks up a Principal from the current session. The session would have been populated previously by some previous mechanism (login page for example).

   Another type of AuthenticationStrategy might be to use an API header key to lookup details from a key database.

   To implement a custom strategy, extend from AuthenticationStrategy and implement authenticate. This method must return a Success[Principal] if the request should be authorized, or it should return a Failure with an error message if the request failed.

5. trait AuthenticationSupport extends AnyRef

   

6. class BasicAuthenticationStrategy extends AuthenticationStrategy with ResponseBuilder

   

   An AuthorizationStrategy that uses HTTP Basic Auth.

   An AuthorizationStrategy that uses HTTP Basic Auth. The credentials will be provided in the form of a UserPassToken. Provide a TokenAuthenticator to determine if the presented UserPassToken is valid.

7. class NoAccessAuthorizationStrategy extends AuthenticationStrategy with ResponseBuilder

   

   An implementation of AuthorizationStrategy that always denies requests.

8. case class Principal(id: String) extends Product with Serializable

   

   A principal contains an identification for a user.

   A principal contains an identification for a user.

   id

   a unique value identifying this principal in the underlying system. It could be a database id, a username, the login email, anything that uniquely identifies the user in the system.

9. case class SessionAuthenticationStrategy(sessionKey: SessionKey[Principal] = PrincipalSessionKey)(implicit executor: ExecutionContext) extends AuthenticationStrategy with ResponseBuilder with Product with Serializable

   

   An AuthenticationStrategy that retrieves a Principal from the current session.

   An AuthenticationStrategy that retrieves a Principal from the current session. This Principal is then added to the request for downstream processing.

   The Principal must be set on the session by some step handled externally to this class, for example a login page.

   If no Principal is set on the current session then a 401 is returned.

   There must have been an appropriately configured SessionManager in the endpoint before authentication is attempted.

   sessionKey

   is used to specify the key that the Principal is stored in inside the session.

10. trait TokenValidator extends AnyRef

    

11. class TokenValidatorSet extends TokenValidator

    

    Convenience implementation of TokenAuthenticator that will authenticate against a provided set of valid credentials.

12. case class UserPassToken(username: String, password: String) extends Product with Serializable