Application secret
177 views
Skip to first unread message
Knut Arne Vedaa
Nov 26, 2015, 10:04:32 AM11/26/15
to play-framework
Hi,
The documentation states that
This doesn't seem to be the case. Whether I remove the secret entirely, or set it to "changeme", no error is thrown. I've not been able to produce an error due to a missing application secret.
How can I make sure the application secret is correctly configured?
I'm using Play 2.3.9.
Knut Arne Vedaa
The documentation states that
When started in prod mode, if Play finds that the secret is not set, or if it is set to changeme, Play will throw an error.This doesn't seem to be the case. Whether I remove the secret entirely, or set it to "changeme", no error is thrown. I've not been able to produce an error due to a missing application secret.
How can I make sure the application secret is correctly configured?
I'm using Play 2.3.9.
Knut Arne Vedaa
Will Sargent
Nov 26, 2015, 3:17:58 PM11/26/15
to play-fr...@googlegroups.com
Are you starting your application in prod mode using "testProd"?
--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/93da6a8a-6bb6-49a1-bf16-d169b39bd510%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Knut Arne Vedaa
Nov 27, 2015, 7:13:03 AM11/27/15
to play-framework
On Thursday, November 26, 2015 at 9:17:58 PM UTC+1, Will Sargent wrote:
Are you starting your application in prod mode using "testProd"?
Knut Arne Vedaa
Marius Soutier
Nov 27, 2015, 10:27:24 AM11/27/15
to play-fr...@googlegroups.com
Are you sure the correct application.conf is loaded? Try setting the secret to changeme in a “reference.conf”.
--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/0a827c17-1426-415e-9a46-02ed7a08d012%40googlegroups.com.
Micah Huff
Dec 1, 2015, 6:56:51 PM12/1/15
to play-framework
I'm seeing the same exact problem. I ran the dist task (activator dist), uploaded the ZIP file to my server, unzipped the file, and ran the application as follows:
./myapp/bin/myapp -Dconfig.file=prod.conf
prod.conf looks like this:
import "application"play.crypto.secret="changeme"
My application starts up just fine and works without error. I also see that it is running in 'Prod' mode in the startup log messages.
I have verified that my application is, in fact, running in 'Prod' mode by logging the following:
LOG.info(play.api.Play.current.mode.toString)
import play.api.Play.current
LOG.info(play.api.Play.isDev.toString)
LOG.info(play.api.Play.isProd.toString)
When I look at the log file, I get the following output for that set of messages:
[info] - com.test.controllers.AccountsController - Prod[info] - com.test.controllers.AccountsController - false[info] - com.test.controllers.AccountsController - true
I haven't had a chance to dig through the play framework and test this out yet - we're not to the point of it really mattering yet but may be worth someone looking at...
Micah Huff
Dec 1, 2015, 7:00:09 PM12/1/15
to play-framework
FWIW, I'm using play version 2.4.3
Marius Soutier
Dec 2, 2015, 4:25:40 AM12/2/15
to play-fr...@googlegroups.com
Is “prod.conf” in the directory from which you start the app? Can you try -Dconfig.resource=prod.conf instead?
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/cca00565-adb8-4604-8346-1697700928bb%40googlegroups.com.
Knut Arne Vedaa
Dec 2, 2015, 8:22:43 AM12/2/15
to play-framework
It seems that I had misunderstood how this works. There is indeed an error thrown, but only when a request is made that appearently calls code that actually uses the secret. My impression from the documentation was that there would be an error thrown at startup (as there is when a database connection is invalid, for instance).
Knut Arne Vedaa
Knut Arne Vedaa
Micah Huff
Dec 2, 2015, 8:45:55 AM12/2/15
to play-fr...@googlegroups.com
That makes sense. I won't worry about this given that I'm not actually directly using the crypto functionality. How do we get the docs updated to reflect this properly? I wasted a couple hours yesterday trying to figure out if I was doing something wrong with my compile process and whatnot...turns out it is just poor docs.
- Micah
- Micah
--
You received this message because you are subscribed to a topic in the Google Groups "play-framework" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/play-framework/5ctHwCBWsXI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/18b85f38-c9c3-4d5b-b7ac-6d8f34270d50%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages