Authentication and authorization module for Lift web framework based on Salat library. This project inspired by lift-mongoauth module, but I removed a lot of things, which I suppose is not related to authorization itself (however, some features are not implemented, just because :) ). The goal is to avoid using different ORMs in project using Salat.
Lift SalatAuth provides several base classes and default implementations for them. You should choose if you want to implement them yourself or use default implementation.
The user entity can be implemented as a case class extending ProtoUser.
case class User(
val _id: ObjectId,
override val username: String,
override val password: String,
val realName: String,
override val email: String,
override val roles: Set[String]
) extends ProtoUser(username, password, email, roles)The ProtoUser class uses your roles collection to set permissions properly. To make it work you have to set the collection during your application initialization:
class Boot {
def boot() {
...
SalatAuth.rolesCollection.default.set(Some(MongoConnection()("mydb")("roles")))
...If the default field set of ProtoUser is enough for you you can not define your own user class, but use SimpleUser instead.
Each user has a list of roles defined as strings. However role itself is a case class. The role name is an _id for a role. As it was described you need to set roles collection in boot to allow roles works properly. Roles contains a list of Permissions. Permissions are defined as a triplets of domain, action and entity.
val adminRole = Role("admin", "", List(Permission.All))
val userRole = Role("user", "", List(Permission("Messages"), Permission("Reports", "view"), Permission("Reports", "print"), Permission("Profile", "view")))
RolesDAO.save(adminRole)
RolesDAO.save(userRole)
val user = SimpleUser("admin", ProtoUser.hashPassword("secret"), "admin@example.com", Set("admin"))
UserDAO.save(user)Login manager is a core object of SalatAuth module. You can use SimpleLoginManager with SimpleUsers or implement your own one for custom entities. If you use "Simple" solution than you must define a collection in Boot:
SalatAuth.simpleCollection.default.set(Some(MongoConnection()("mydb")("users")))Else, you need to define your LoginManager to find users in MongoDB:
object MyLoginManager extends LoginManager[MyUser, ObjectId] {
override def findUserById(id: ObjectId): Option[MyUser] = {
MyUserDAO.findOneById(id)
}
override def getUserId(user: MyUser): ObjectId = user._id
}Now, when you have a LoginManager instance you must set it in Boot (SimpleLoginManager is the default setting):
SalatAuth.loginManager.default.set(MyLoginManager)There are several methods defined in trait Locs helps you to set required permissions on the entries in site map. Here is the example:
import net.liftmodules.salatauth.Locs._
def siteMap() = SiteMap(
Menu.i("index") / "index" >> Hidden,
Menu.i("messages") / "messages" >> RequireLoggedIn,
Menu.i("users") / "users" >> HasRole("admin"),
Menu.i("reports") / "reports" >> HasPermission("Reports" : "view")
buildLogin("login", Hidden :: Nil),
buildLogout("logout", Nil)
)In this example user has to be logged in for all pages except index, but to see users he must have "admin" role, and to see the reports he must have corresponding permission.