@danielnegri
Created February 25, 2015 15:09
Playframework - Authentication + SSO
package controllers
import play.api._
import play.api.mvc._
import play.api.mvc.Results._
import play.api.data._
import play.api.data.Forms._
import play.api.Play.current
import play.api.libs.json._
import play.api.libs.json.Json._
import controllers.api.v1._
import models._
import views._
import com.pingidentity.opentoken._
import org.apache.commons.collections.map._
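/**
 * Entry-point controller: landing redirects, the SSO callback that turns an
 * OpenToken into a Play session, and logout.
 */
object Application extends Controller with Secured {

  /** Form carrying the single `opentoken` field posted back by the SSO provider. */
  val ssoForm = Form(
    "opentoken" -> nonEmptyText
  )

  /** Sends the visitor to the categories index. */
  def index = Action {
    Redirect(routes.CategoriesController.index)
  }

  /** Same redirect as [[index]]; the session itself is created by [[sso]]. */
  def login = Action {
    Redirect(routes.CategoriesController.index)
  }

  /** Renders the help page for authenticated users only. */
  def help = IsAuthenticated { _ => implicit request =>
    Ok(html.help())
  }

  /**
   * SSO callback: reads the posted OpenToken with the configured agent and,
   * when it yields an `email` attribute, signs that user in.
   *
   * The token is untrusted input until `readToken` has accepted it, so a
   * failure to read it, or a token without an `email`, is answered with 401
   * and never creates a session.
   */
  def sso = Action { implicit request =>
    ssoForm.bindFromRequest.fold(
      errors => {
        val message = "Missing parameter [opentoken] - " + request
        Logger.error(message)
        BadRequest(message)
      },
      opentoken => {
        val agentPath = play.Play.application.configuration.getString("sso.agentPath")

        // readToken may throw or return null for a token it does not accept;
        // both cases collapse to None so that the request is refused below.
        val attributes =
          try {
            Option(new Agent(agentPath).readToken(opentoken))
          } catch {
            case scala.util.control.NonFatal(e) =>
              Logger.warn("SSO token rejected", e)
              None
          }

        // Absent or empty attributes become None instead of a NullPointerException.
        def attribute(name: String): Option[String] =
          attributes
            .flatMap(attrs => Option[Any](attrs.get(name)))
            .map(_.toString)
            .filter(_.nonEmpty)

        attribute("email") match {
          case Some(email) =>
            val firstName = attribute("firstName").getOrElse("")
            val lastName = attribute("lastName").getOrElse("")
            val user = User.findOrInsert(email, firstName, lastName)
            user.updateSignIn
            // Log only the identifier; the full attribute map may carry more
            // identity data than the application log should keep.
            Logger.info("Logged: " + email)
            // withSession replaces any pre-existing session data.
            Redirect(routes.CategoriesController.index).withSession(
              "email" -> email
            )
          case None =>
            Logger.warn("SSO sign-in refused: token unreadable or without an email attribute")
            Unauthorized("Invalid SSO token")
        }
      }
    )
  }

  /** Drops the local session and hands the browser to the configured SSO logout URL. */
  def logout = IsAuthenticated { _ => implicit request =>
    Redirect(play.Play.application.configuration.getString("sso.logout")).withNewSession
  }
}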
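/**
 * Authentication helpers shared by controllers.
 *
 * The authenticated identity is the `email` entry of the Play session, so its
 * trustworthiness rests on the integrity of the session cookie.
 */
trait Secured extends play.api.mvc.AcceptExtractors {

  /**
   * Reads the signed-in user's email from the session, if there is one.
   */
  private def username(request: RequestHeader) = request.session.get("email")

  /**
   * Handles a request that has no authenticated session.
   *
   * When `sso.disabled` is true and `sso.defaultUser` is set, the configured
   * default user is signed in without any credential check. Otherwise HTML
   * clients (and any unrecognised Accept header) are redirected to `sso.link`,
   * and JSON clients get a 401 whose body carries that link.
   */
  private def onUnauthorized(request: RequestHeader) = {
    val config = play.Play.application.configuration

    // getBoolean returns a boxed Boolean that is null when the key is absent;
    // a missing key is treated as "SSO enforced" rather than throwing.
    val ssoDisabled = Option(config.getBoolean("sso.disabled")).exists(_.booleanValue)

    // NOTE(review): this is an authentication bypass intended for environments
    // without an SSO provider. It must never be enabled in production
    // configuration, since every anonymous visitor becomes the default user.
    val bypassUser =
      if (ssoDisabled) Option(config.getString("sso.defaultUser")).filter(_.nonEmpty)
      else None

    bypassUser match {
      case Some(email) =>
        Logger.warn("SSO is disabled: signing in the configured default user without authentication")
        val user = User.findOrInsert(email, "", "")
        user.updateSignIn
        Logger.info("Logged: " + user.toString)
        Redirect(routes.CategoriesController.index).withSession(
          "email" -> email
        )

      case None =>
        val ssoLink = config.getString("sso.link")
        request match {
          case Accepts.Html() => Results.Redirect(ssoLink)
          case Accepts.Json() =>
            val meta = Meta(401, "unauthorized_error", "Unauthorized.")
            val response = JsObject(
              "redirect" -> JsString(ssoLink) :: Nil
            )
            Unauthorized(Api.serializeResponse(meta, response))
          case _ => Results.Redirect(ssoLink)
        }
    }
  }

  /**
   * Wraps an action so that it only runs for requests with a session email;
   * all other requests are answered by `onUnauthorized`.
   *
   * @param f handler receiving the session email and then the request
   */
  def IsAuthenticated(f: => String => Request[AnyContent] => Result) =
    Security.Authenticated(username, onUnauthorized) { user =>
      Action(request => f(user)(request))
    }
}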