Received: by 10.68.233.170 with SMTP id tx10mr4055698pbc.0.1334433082386;
Sat, 14 Apr 2012 12:51:22 -0700 (PDT)
X-BeenThere: play-framework@googlegroups.com
Received: by 10.68.226.135 with SMTP id rs7ls14269367pbc.5.gmail; Sat, 14 Apr
2012 12:51:16 -0700 (PDT)
Received: by 10.68.236.170 with SMTP id uv10mr5628175pbc.4.1334433076206;
Sat, 14 Apr 2012 12:51:16 -0700 (PDT)
Received: by 10.68.236.170 with SMTP id uv10mr5628174pbc.4.1334433076190;
Sat, 14 Apr 2012 12:51:16 -0700 (PDT)
Return-Path: <sc...@scottphillips.com>
Received: from mail-pb0-f52.google.com (mail-pb0-f52.google.com [209.85.160.52])
by gmr-mx.google.com with ESMTPS id a5si16963583pbd.0.2012.04.14.12.51.15
(version=TLSv1/SSLv3 cipher=OTHER);
Sat, 14 Apr 2012 12:51:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of sc...@scottphillips.com designates 209.85.160.52 as permitted sender) client-ip=209.85.160.52;
Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of sc...@scottphillips.com designates 209.85.160.52 as permitted sender) smtp.mail=sc...@scottphillips.com
Received: by pbcuo15 with SMTP id uo15so16832383pbc.25
for <play-framework@googlegroups.com>; Sat, 14 Apr 2012 12:51:15 -0700 (PDT)
d=google.com; s=20120113;
h=mime-version:x-originating-ip:in-reply-to:references:from:date
:message-id:subject:to:content-type:x-gm-message-state;
bh=v9T4cNB3mYtFOzg5/N0wb1TXU1p80fuOCE+v3mRQUkU=;
b=aibBtf1kUgRrCFVWHT3SOkJIMs6VroyXkveYqrdSMayjyNqBNq0BG9UOopHK7H9kkL
HbltCpswT5QuHFEat2xau/4FA3R24LsfNH8Sh+xk5sCun6QQSWojXFUrpMIdkJnUY0Bf
wXHaRs8WDkDB2izIK+FiRWQMDUqQ4dwmOrNUYmDoBpD6NIW689/6Sp0LRdn5bnqdP/Fz
TP73s451PyekcW1vKhUMTcA604sYXpob7Lo8iYqOoTRKaeXC4Q/gv6SqSGRf5uarJpmW
Ru3kvV3x5xRZdb0vzT69D0QNCGxD/2rOhPUMK2tzeDFbRsvH2zwxdmQ6CYWqvmbb5rg7
/e3A==
Received: by 10.68.136.40 with SMTP id px8mr9750685pbb.8.1334433075595; Sat,
14 Apr 2012 12:51:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.14.16 with HTTP; Sat, 14 Apr 2012 12:50:35 -0700 (PDT)
X-Originating-IP: [74.194.214.10]
In-Reply-To: <24980536.205.1334371688533.JavaMail.geo-discussion-forums@pbje9>
References: <24980536.205.1334371688533.JavaMail.geo-discussion-forums@pbje9>
From: Scott Phillips <sc...@scottphillips.com>
Date: Sat, 14 Apr 2012 14:50:35 -0500
Message-ID: <CAPs1SdNSttctBgOhsyiWH56JrEmT3ZyqDpOYR0KJZ0jYihk...@mail.gmail.com>
Subject: Re: [play-framework] Security in Play 2?
To: play-framework@googlegroups.com
Content-Type: multipart/alternative; boundary=047d7b15a805728ada04bda8e946
X-Gm-Message-State: ALoCoQlg9qztF69kXQwSxgzzb7EpgJERCunHL0PrEzPY0BqlkH8IPKdG8Ti+i5ZlZpMQFNwbFK31
--047d7b15a805728ada04bda8e946
Content-Type: text/plain; charset=ISO-8859-1
I would assume that you could use Spring security in the general
application without problem with Play 2.0. The only thing that might trip
things up is the securityContextHolder which maintains the security context
on the local thread. So you'd probably want to build a global intercepter
that always sets the context for the current thread. However, what you
can't use is anything in from the "Web Application Security" portion of the
library because that all assumes a regular servlet-based deployment which
isn't present with Play. It relays filters and chains and all that stuff.
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity.html
vs
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/web-app-security.html
I think the closet project that I know in the play world to deliver this
type annotation style security checking is the Deadbolt module. With that
you can specify who's able to access what resources at the controller &
view level with annotation based expressions.
https://github.com/schaloner/deadbolt-2
Scott--
On Fri, Apr 13, 2012 at 9:48 PM, Pradeep Singh <prdpksi...@gmail.com> wrote:
> I've just started looking at Play 2 but out of curiosity I tried to
> explore what options were available for authentication and authorization in
> the framework. I don't see anything yet in the documentation. There does
> seem to be some documentation for Play 1 at
> http://www.playframework.org/documentation/1.2.3/guide8. Is this thing
> available in Play 2 as well? How does it compare with Spring Security?
> Because anything less than Spring Security won't be acceptable, unless
> there's a way to use Spring Security itself. Like I said, I am still
> exploring the framework. Lots of good stuff so far but security is
> something that'll be critical in my app.
>
> --
> You received this message because you are subscribed to the Google Groups
> "play-framework" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/play-framework/-/g-Tk7LFndAMJ.
> To post to this group, send email to play-framework@googlegroups.com.
> To unsubscribe from this group, send email to
> play-framework+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/play-framework?hl=en.
>
--047d7b15a805728ada04bda8e946
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<br>I would assume that you could use Spring security in the general applic=
ation without problem with Play 2.0. The only thing that might trip things =
up is the securityContextHolder which maintains the security context on the=
local thread. So you'd probably want to build a global intercepter tha=
t always sets the context for the current thread. However, what you can'=
;t use is anything in from the "Web Application Security" portion=
of the library because that all assumes a regular servlet-based deployment=
which isn't present with Play. It relays filters and chains and all th=
at stuff.<br>
<br><a href=3D"http://static.springsource.org/spring-security/site/docs/3.0=
.x/reference/springsecurity.html">http://static.springsource.org/spring-sec=
urity/site/docs/3.0.x/reference/springsecurity.html</a><br>vs<br><a href=3D=
"http://static.springsource.org/spring-security/site/docs/3.0.x/reference/w=
eb-app-security.html">http://static.springsource.org/spring-security/site/d=
ocs/3.0.x/reference/web-app-security.html</a><br>
<br>I think the closet project that I know in the play world to deliver thi=
s type annotation style security checking is the Deadbolt module. With that=
you can specify who's able to access what resources at the controller =
& view level with annotation based expressions.<br>
<br><a href=3D"https://github.com/schaloner/deadbolt-2">https://github.com/=
schaloner/deadbolt-2</a><br><br>Scott--<br><br><div class=3D"gmail_quote">O=
n Fri, Apr 13, 2012 at 9:48 PM, Pradeep Singh <span dir=3D"ltr"><<a href=
=3D"mailto:prdpksi...@gmail.com">prdpksi...@gmail.com</a>></span> wrote:=
<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">I've just started looking at Play 2 but =
out of curiosity I tried to explore what options were available for authent=
ication and authorization in the framework. I don't see anything yet in=
the documentation. There does seem to be some documentation for Play 1 at=
=A0<a href=3D"http://www.playframework.org/documentation/1.2.3/guide8" targ=
et=3D"_blank">http://www.playframework.org/documentation/1.2.3/guide8</a>. =
Is this thing available in Play 2 as well? How does it compare with Spring =
Security? Because anything less than Spring Security won't be acceptabl=
e, unless there's a way to use Spring Security itself. Like I said, I a=
m still exploring the framework. Lots of good stuff so far but security is =
something that'll be critical in my app.
<span class=3D"HOEnZb"><font color=3D"#888888"><p></p>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;play-framework" group.<br>
To view this discussion on the web visit <a href=3D"https://groups.google.c=
om/d/msg/play-framework/-/g-Tk7LFndAMJ" target=3D"_blank">https://groups.go=
ogle.com/d/msg/play-framework/-/g-Tk7LFndAMJ</a>.<br>=20
To post to this group, send email to <a href=3D"mailto:play-framework@googl=
egroups.com" target=3D"_blank">play-framework@googlegroups.com</a>.<br>
To unsubscribe from this group, send email to <a href=3D"mailto:play-framew=
ork%2Bunsubscribe@googlegroups.com" target=3D"_blank">play-framework+unsubs=
cribe@googlegroups.com</a>.<br>
For more options, visit this group at <a href=3D"http://groups.google.com/g=
roup/play-framework?hl=3Den" target=3D"_blank">http://groups.google.com/gro=
up/play-framework?hl=3Den</a>.<br>
</font></span></blockquote></div><br>
--047d7b15a805728ada04bda8e946--
Message from discussion Security in Play 2?
| Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy |
| ©2013 Google |