How can I do HTTP basic access authentication?

317 views
Skip to first unread message

Cody

unread,
Dec 14, 2010, 3:15:07 AM12/14/10
to play-framework
Hi,

Can someone give me an example about how to do http basic access
authentication via credentials?
My web application needs to expose APIs via HTTP with basic access
auth to third party, rather than redirect to a login page:
curl -u user:passwrod www.example.com/some_api
how can I do that with Play?
Thank you!

Erwan Loisant

unread,
Dec 14, 2010, 4:25:01 AM12/14/10
to play-fr...@googlegroups.com
Hi,

There's nothing specific in Play to do basic http auth, you'll have to
do it manually:
* Look at the Authorization header
* Base64-decode the string; you should get login:password
* See if the login/password combination is correct
* If not, add the header: WWW-Authenticate: Basic realm="somerealm"
and return a 401 (use the forbidden() method of Controller)

> --
> You received this message because you are subscribed to the Google Groups "play-framework" group.
> To post to this group, send email to play-fr...@googlegroups.com.
> To unsubscribe from this group, send email to play-framewor...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.
>
>

--
Erwan Loisant

Alexander Reelsen

unread,
Dec 14, 2010, 4:46:22 AM12/14/10
to play-fr...@googlegroups.com
Hi

On Dec 14, 2010, at 10:25 AM, Erwan Loisant wrote:

> There's nothing specific in Play to do basic http auth, you'll have to
> do it manually:
> * Look at the Authorization header
> * Base64-decode the string; you should get login:password
> * See if the login/password combination is correct
> * If not, add the header: WWW-Authenticate: Basic realm="somerealm"
> and return a 401 (use the forbidden() method of Controller)

Well, for requests you can check request.user and request.password variables - if the request included the Authorization Header, these fields will be prefilled

If you are not authenticated you can just use
unauthorized("realm")
in your controller.

No need to add headers manually. Play comes as usual with most of the stuff included.

Oh, and if you try to get the authorization header, make sure you call request.headers.get("authorization") without any capital letters, otherwise it will not work.


--Alexander

Guillaume Bort

unread,
Dec 14, 2010, 4:46:34 AM12/14/10
to play-fr...@googlegroups.com
Actually for Basic authentication, you can directly retrieve
username/password from the request using request.user,
request.password

--
Guillaume Bort, http://guillaume.bort.fr

For anything work-related, use g...@zenexity.fr; for everything else,
write guillau...@gmail.com

Reply all
Reply to author
Forward
0 new messages