/sses

Stupidly Simple Endpoint Security for the Play Framework

Primary LanguageScalaMIT LicenseMIT

sses

This is a very simple implementation of Basic Authentication so that you can put a username and/or password challenge on a Play Framework endpoint with one line of code.

If you're looking for a dead-simple way to protect an endpoint or HTML page from intruders (or possibly just making sure Google can't index your page), and don't mind having the credentials stored in your code, this (together with using an HTTPS connection) is probably "good enough". Use is at your own risk, of course.

Installation

Bring in the library by adding the following to your build.sbt.

  • The release repository:
   resolvers ++= Seq(
     "Millhouse Bintray"  at "http://dl.bintray.com/themillhousegroup/maven"
   )
  • The dependency itself:
   libraryDependencies ++= Seq(
     "com.themillhousegroup" %% "sses" % "1.0.10"
   )

Usage

Once you have sses added to your project, you can start using it like this:

Take your existing unprotected endpoint(s), that might look like this:

def showFoo(fooId: String) = Action {

  // Some code, returning a Result
  ...
}

def showBar(barId: String) = Action.async {

  // Some asynchronous code, returning a Future[Result]
  ...
}

def storeBaz = Action.async(parse.json) { request =>

  // Some asynchronous code that parses the request body into JSON, 
  // returning a Future[Result]
  ...
}

Add the import, and your desired protection (username-only, password-only or both). You can still use all of the nice Action features like .async and (parse.json) etc:

import com.themillhousegroup.sses._


def showFoo(fooId: String) = UsernameProtected("dave") {

  // Some code, returning a Result
  ...
}

def showBar(barId: String) = PasswordProtected("s3cr3t").async {

  // Some asynchronous code, returning a Future[Result]
  ...
}

def storeBaz = UsernamePasswordProtected("dave", "s3cr3t").async(parse.json) { request =>

  // Some asynchronous code that parses the request body into JSON, 
  // returning a Future[Result]
  ...
}

Credits

The original Basic-Auth code was taken from [http://www.mentful.com/2014/06/14/basic-authentication-filter-for-play-framework/](this blog post) where the functionality was implemented as a Play Global Filter.