
Restful (and Stateless) Auth with Play Framework and Scala

I have recently been thinking about how to get my web framework/application stack right. I'm slowly moving over to Scala and functional programming (coming from Python with CherryPy). So it was natural to look into Play, as it is the most widely supported framework (now that even Typesafe adopted it). Feel free to correct me if I'm missing something here.

So Play is really embracing the idea of stateless webapps, and I have a hard time wrapping my head around it in terms of authentication and authorization. Now after some online digging (The definitive guide to form-based website authentication) I came to the conclusion that authentication and authorizing must be done on each and every call to my backend (JSON-RPC or whatever), getting away from the old session-cookie idea.

Now what's the best approach to achieve this with today's technology?

And what about:

I thought about "simple" DigestAuth as it is proven and widespread but then it has this similar feel to the old and rusty basic auth.

Thank you!

AlessandroEmm asked Apr 30 '13 16:04


1 Answer

You can easily get a working solution, but not a good one. It seems that the advantage of stateless over stateful is that there is no need to share sessions, so it is easy to scale up. But doing authentication for each call is costly. Sometimes it even adds some extra database read ops. This will slow down the response. If you want to cache the authentication result, then there will be no difference from a stateful session solution. In my opinion, you cannot implement Role Based Access Control in a stateless way!

wpc answered Oct 15 '22 04:10
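An added example, not part of the question or the answer and not Play's own API: per-request authentication without a server-side session, using an HMAC-signed token that carries the user's roles and an expiry, so each call is checked without a database read. The `StatelessToken` object, the token layout and the demo key are assumptions made for illustration.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical helper (assumption, not a Play API). Token = "payload.signature",
// payload = base64url("user|role1,role2|expiryEpochSeconds"), signature = HMAC-SHA256(payload).
object StatelessToken {
  final case class Principal(user: String, roles: Set[String], expires: Long)
  private val enc = Base64.getUrlEncoder.withoutPadding
  private val dec = Base64.getUrlDecoder

  private def hmac(key: Array[Byte], data: String): Array[Byte] = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(key, "HmacSHA256"))
    mac.doFinal(data.getBytes(UTF_8))
  }

  // Called once, after the login credentials have been checked.
  def issue(key: Array[Byte], user: String, roles: Set[String], ttlSeconds: Long, now: Long): String = {
    require(user.indexOf('|') < 0 && roles.forall(_.forall(c => c != '|' && c != ',')), "separator in field")
    val payload = enc.encodeToString(s"$user|${roles.mkString(",")}|${now + ttlSeconds}".getBytes(UTF_8))
    payload + "." + enc.encodeToString(hmac(key, payload))
  }

  // Called on every request: no session store and no database read.
  def verify(key: Array[Byte], token: String, now: Long): Option[Principal] =
    token.split('.') match {
      case Array(payload, sig) =>
        val sigBytes = try dec.decode(sig) catch { case _: IllegalArgumentException => Array.emptyByteArray }
        // MessageDigest.isEqual compares in constant time; the payload is parsed only after it passes.
        if (!MessageDigest.isEqual(hmac(key, payload), sigBytes)) None
        else { new String(dec.decode(payload), UTF_8).split('|') match {
          case Array(user, roles, exp) if exp.toLong > now =>
            Some(Principal(user, roles.split(',').filter(_.nonEmpty).toSet, exp.toLong))
          case _ => None // expired or unexpected layout
        } }
      case _ => None
    }
}

object Demo extends App {
  val key = "constructed-demo-key-not-for-production".getBytes(UTF_8) // constructed sample key
  val token = StatelessToken.issue(key, "alice", Set("admin"), 900, now = 1000L)
  println(StatelessToken.verify(key, token, now = 1500L).exists(_.roles("admin"))) // role check on a valid token
  println(StatelessToken.verify(key, token + "x", now = 1500L))                    // tampered signature
  println(StatelessToken.verify(key, token, now = 2000L))                          // past expiry
}
```

Because nothing is stored server-side, a role change or revocation only takes effect when the token expires, so the lifetime has to be kept short.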