Filters

Silhouette

Silhouette is an authentication library for Play Framework applications that supports several authentication methods, including OAuth1, OAuth2, OpenID, CAS, Credentials, Basic Authentication, Two Factor Authentication or custom authentication schemes.

Play provides a simple filter API for applying global filters to each request. Such a filter is basically the same as an action. It produces a request and returns a result. So it's possible to use the actions provided by Silhouette inside a filter to create a global authentication mechanism.

Next, you can find a simple example which shows how you could implement a filter to restrict access to a route.

class SecuredFilter @Inject() (silhouette: Silhouette[DefaultEnv], bodyParsers: PlayBodyParsers) extends Filter {

  override def apply(next: RequestHeader => Future[Result])(
    request: RequestHeader): Future[Result] = {
    
    // As the body of request can't be parsed twice in Play we should force 
    // to parse empty body for UserAwareAction
    val action = silhouette.UserAwareAction.async(bodyParsers.empty) { r =>
      request.path match {
        case "/admin" if r.identity.isEmpty => Future.successful(Unauthorized)
        case _ => next(request)
      }
    }

    action(request).run
  }
}

🚧

Info

Please refer to the Play Framework Documentation for how filters can be applied to your application.

🚧

What's Next