{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 在下西门庆 的问题《Java Play! 2 - User management with cookies》','https://www.manongdao.com/q-1204185.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to manage my user via cookie. It's not that easy because there is absolutely no documentation about this topic.
With the help of the sample "zentask" I made this:
session("username", filledForm.field("username").value());
public class Secured{
public static Session getSession() {
return Context.current().session();
}
public static String getUsername() {
return getSession().get("username");
}
public static boolean isAuthorized() throws Exception {
String username = getUsername();
if (username == null)
return false;
long userCount = DatabaseConnect.getInstance().getDatastore()
.createQuery(User.class).field("username").equal(username)
.countAll();
if (userCount == 1)
return true;
return false;
}
I am using it like this:
public static Result blank() throws Exception {
if (Secured.isAuthorized())
return ok(Secured.getUsername());
else
return ok(views.html.login.form.render(loginForm));
}
Now I have several questions/problems:
1.) Cookie is not dectypted and always looks the same. eg bdb7f592f9d54837995f816498c0474031d44c1a-username%3Akantaki
2.) What does the class Security.Authenticator do?
3.) I think user management through cookies is a very common problem, does play!2.0 offer me a complete solution? Or is there at least some documentation?
As shown in the Zentask sample, your
Securedclass should extendSecurity.Authenticator.With this, it will allow to put a
@Security.Authenticatedannotation either on a Controller, or on an Action. This annotation allows to redirect the client to another page if the user is not properly authorized (by overriding theSecurity.Authenticator.onUnauthorized()method).The workflow is the following:
There is also full stack for
authenticationandauthorization- Play Authenticate by Joscha Feth. (available at GitHub)It incorporates ready-to-use sample for Java, which uses concepts of
securesocial+ full Deadbolt 2 (by Steve Chaloner) support. it has:registerandlog inusers with e-mail, Google, Facebook, Foursquare, Twitter, OpenId and custom providers.rolesandpermissions(via Deadbolt 2)There is sample app for Java in it. You can incorporate it to your app.