Authorizer

An Authorizer is responsible for determining if a given user is able to perform the requested action (in this case process the requested URL).

The Authorizer is passed the current request. The authorizer can inspect the Principal object if an AuthenciationStrategy was invoked prior. Alternatively, it may determine authorization based on some request-level criteria, such as ip address.

If the request is authorized then the Authorizer should continue the request pipeline. If the request is not authorized then the Authorizer would normally return an appropriate response, although it can choose to do anything it wishes.

How the Authorizer determines access is dependent on the implementation.

For example, the AccessListAuthorizer authorizes requests based on a given list of Principals. If the principals list does not contain the given Principal then a 403 is returned.

An AllAccessAuthorizer authorizes all requests. This is useful when you have site wide authorization but wish to enable public access to a certain endpoint.

Usually you will want to implement a custom Authorizer, which may check a user for a role, or some similar mechanism. To implement a custom Authorizer, extend from Authorizer implementing the authorization check.

Linear Supertypes

AnyRef, Any

Known Subclasses

AccessListAuthorizer, AllAccessAuthorizer, NoAccessAuthorizer, RoleAuthorizer

Abstract Value Members

abstract def authorize(req: HttpRequest, f: (HttpRequest) ⇒ Future[HttpResponse]): Future[HttpResponse]

Concrete Value Members

final def !=(arg0: AnyRef): Boolean

Definition Classes
AnyRef
final def !=(arg0: Any): Boolean

Definition Classes
Any
final def ##(): Int

Definition Classes
AnyRef → Any
final def ==(arg0: AnyRef): Boolean

Definition Classes
AnyRef
final def ==(arg0: Any): Boolean

Definition Classes
Any
final def asInstanceOf[T0]: T0

Definition Classes
Any
def clone(): AnyRef

Attributes
protected[java.lang]
Definition Classes
AnyRef
Annotations
@throws( ... )
final def eq(arg0: AnyRef): Boolean

Definition Classes
AnyRef
def equals(arg0: Any): Boolean

Definition Classes
AnyRef → Any
def finalize(): Unit

Attributes
protected[java.lang]
Definition Classes
AnyRef
Annotations
@throws( classOf[java.lang.Throwable] )
final def getClass(): Class[_]

Definition Classes
AnyRef → Any
def hashCode(): Int

Definition Classes
AnyRef → Any
final def isInstanceOf[T0]: Boolean

Definition Classes
Any
final def ne(arg0: AnyRef): Boolean

Definition Classes
AnyRef
final def notify(): Unit

Definition Classes
AnyRef
final def notifyAll(): Unit

Definition Classes
AnyRef
final def synchronized[T0](arg0: ⇒ T0): T0

Definition Classes
AnyRef
def toString(): String

Definition Classes
AnyRef → Any
final def wait(): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )
final def wait(arg0: Long, arg1: Int): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )
final def wait(arg0: Long): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )

trait Authorizer extends AnyRef

Abstract Value Members

abstract def authorize(req: HttpRequest, f: (HttpRequest) ⇒ Future[HttpResponse]): Future[HttpResponse]

Concrete Value Members

final def !=(arg0: AnyRef): Boolean

final def !=(arg0: Any): Boolean

final def ##(): Int

final def ==(arg0: AnyRef): Boolean

final def ==(arg0: Any): Boolean

final def asInstanceOf[T0]: T0

def clone(): AnyRef

final def eq(arg0: AnyRef): Boolean

def equals(arg0: Any): Boolean

def finalize(): Unit

final def getClass(): Class[_]

def hashCode(): Int

final def isInstanceOf[T0]: Boolean

final def ne(arg0: AnyRef): Boolean

final def notify(): Unit

final def notifyAll(): Unit

final def synchronized[T0](arg0: ⇒ T0): T0

def toString(): String

final def wait(): Unit

final def wait(arg0: Long, arg1: Int): Unit

final def wait(arg0: Long): Unit

Inherited from AnyRef

Inherited from Any

Ungrouped