scalatra-auth provides a framework for most common use cases, and can
be extended to others. If it's too heavy, or makes assumptions that
don't fit your needs, there are some other tricks that can be done
entirely inside core. (No compiler handy, may require a little
tweaking.)

    // Define this however you want
    def isAuthorized(implicit request: HttpServletRequest): Boolean

    // before filters take the same kind of path matchers as routes do
    before("/protected/*") {
      if (!isAuthorized(request))
        halt(403)
    }

    get("/protected/foo/:id") {
      // protected by before filter.
    }

If you don't like before filters, you can create something like this:

    // reusable logic that gets explicitly applied. Not as concise as a before filter,
    // but a little less magical.
    def ifAuthorized(authorized: => Any)(forbidden: => Any = { halt(403) }) = {
      if (isAuthorized(request)) authorized else forbidden
    }

    get("/protected/foo/:id") {
      ifAuthorized {
        showFoo(params("id"))
      }() // the empty () applies the default forbidden branch, halt(403)
    }

--
Ross A. Baker
ba...@alumni.indiana.edu
Indianapolis, IN, USA
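
The before-filter approach from the message above, turned around so that it denies by default: an added example, not part of the original post and not Scalatra's own code. The `FOO_API_TOKEN` environment variable, the bearer-token check, the `publicPaths` allowlist and the `/health` and `/admin/stats` routes are assumptions made for illustration.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
// Assumption: javax-based Scalatra build; Jakarta builds use jakarta.servlet.http.
import javax.servlet.http.HttpServletRequest
import org.scalatra.ScalatraServlet

class FooServlet extends ScalatraServlet {

  // Assumption: one shared bearer token, read from the environment at startup.
  private val expected: Option[Array[Byte]] =
    sys.env.get("FOO_API_TOKEN").filter(_.nonEmpty).map(_.getBytes(UTF_8))

  def isAuthorized(implicit request: HttpServletRequest): Boolean = {
    val presented = Option(request.getHeader("Authorization"))
      .filter(_.startsWith("Bearer "))
      .map(_.stripPrefix("Bearer ").getBytes(UTF_8))
    // Fails closed: an unset token or a missing header is never authorized.
    // MessageDigest.isEqual avoids an early-exit byte comparison of the secret.
    (for (e <- expected; p <- presented) yield MessageDigest.isEqual(e, p))
      .getOrElse(false)
  }

  // Hypothetical allowlist: the only paths served without authorization.
  private val publicPaths = Set("/health")

  // No path matcher, so the filter runs before every route in this servlet.
  // A route added later is protected unless it is listed in publicPaths,
  // whereas before("/protected/*") covers only routes under that prefix.
  before() {
    if (!publicPaths.contains(requestPath) && !isAuthorized)
      halt(403)
  }

  get("/health") { "ok" }

  get("/protected/foo/:id") { "protected resource" }

  // Outside /protected/*, but still behind the filter above.
  get("/admin/stats") { "stats" }
}
```

The allowlist is an exact match on `requestPath`, so any variant spelling of a public path falls through to the authorization check instead of bypassing it.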