In my java-play application I have the annotation @RequiresAuthentication(clientName = "CasClient") inside my controller.
I only want to authenticate users in my production environment.
How can I apply annotations conditionally?
If the way I'm approaching authentication is wrong, what is the conventional way of doing CAS authentication only on production in a java play application?
Annotation Type Conditional: Indicates that a component is only eligible for registration when all specified conditions match. A condition is any state that can be determined programmatically before the bean definition is due to be registered (see Condition for details).
Spring has introduced the @Conditional annotation that allows us to define custom conditions to apply to parts of our application context. Spring Boot builds on top of that and provides some pre-defined conditions so we don't have to implement them ourselves.
We can use the Spring @Conditional annotation for the following scenarios: a condition on whether a property is available or not using Environment variables, irrespective of its value; and, like Profiles, a condition on whether a property value is available or not using Environment variables.
You could implement authenticators to authenticate users. You could write your authentication logic in your authenticator implementation.
Play already comes with a built in authenticator action, which we will extend to add our logic. We will call this authenticator Secured.
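package controllers;

import play.*;
import play.mvc.*;
import play.mvc.Http.*;
import models.*;

public class Secured extends Security.Authenticator {

    // A non-null return value means the user is treated as logged in.
    @Override
    public String getUsername(Context ctx) {
        return ctx.session().get("email");
    }

    // Called when getUsername returns null: send the user to the login page.
    @Override
    public Result onUnauthorized(Context ctx) {
        return redirect(routes.Application.login());
    }
}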
We have implemented two methods here. getUsername is used to get the username of the currently logged-in user. In our case this is the email address that we set in the email attribute in the session when the user logged in. If this method returns a value, then the authenticator considers the user to be logged in and lets the request proceed. If, however, the method returns null, then the authenticator will block the request and instead invoke onUnauthorized, which we have implemented to redirect to our login screen. You could implement your own business logic to verify the user.
Now let’s use this authenticator. In Application.java, add the @Security.Authenticated annotation with our authenticator to the index method:
package controllers;

import play.mvc.Controller;
import play.mvc.Result;
import play.mvc.Security;
import models.*;
import views.html.*;

public class Application extends Controller {

    // Requests reach index() only if Secured.getUsername returns non-null.
    @Security.Authenticated(Secured.class)
    public static Result index() {
        return ok(index.render(
            Project.findInvolving(request().username()),
            Task.findTodoInvolving(request().username()),
            User.find.byId(request().username())
        ));
    }
}
Refs: Play Implementing Authenticator Example
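An added example, not part of the original answer or of Play itself: one way to make the authenticator above enforce login only in production, which is what the question asks for. It assumes the same older Play 2.x Java API as the answer (Context-based Security.Authenticator and the static play.Play.isDev()/isTest() mode checks); ProdOnlySecured and DEV_USER are hypothetical names, and the session key and login route are taken from the answer's code.

```java
package controllers;

import play.Play;
import play.mvc.Http.Context;
import play.mvc.Result;
import play.mvc.Security;

public class ProdOnlySecured extends Security.Authenticator {

    // Constructed placeholder identity used only outside production (assumption).
    private static final String DEV_USER = "dev@example.invalid";

    @Override
    public String getUsername(Context ctx) {
        // A real session always wins, in every mode.
        String email = ctx.session().get("email");
        if (email != null) {
            return email;
        }
        // Fail closed: skip authentication only when the application is
        // explicitly running in dev or test mode. Production, or any state
        // that is neither, falls through to null and is treated as
        // unauthenticated.
        if (Play.isDev() || Play.isTest()) {
            return DEV_USER;
        }
        return null;
    }

    @Override
    public Result onUnauthorized(Context ctx) {
        // Same behaviour as Secured in the answer: redirect to the login page.
        return redirect(routes.Application.login());
    }
}
```

Controllers then use @Security.Authenticated(ProdOnlySecured.class) unconditionally, so the decision lives in one place instead of in per-environment annotations. Because the bypass depends entirely on the run mode, confirm that production deployments are started in prod mode.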