com.sksamuel.scruffy.security.authentication
Authenticate must either return a Scala Try with the result of the authentication.
Authenticate must either return a Scala Try with the result of the authentication. If the authentication was successful then it should return a Success of Principal. Otherwise it should return a Failure with some exception indicating the failure.
Returns an AuthenticationFailureHandler which is invoked with the result of authenticate if the authentication process fails.
Returns an AuthenticationFailureHandler which is invoked with the result of authenticate if the authentication process fails.
By default, a DefaultAuthenticationFailureHandler is returned which returns a Http 401.
An AuthenticationStrategy is responsible for retriving a Principal for the current request. How the Principal is retrieved is dependent on the type of strategy used.
For example, the BasicAuthenticationStrategy, named after HTTP Basic Auth, creates a Principal based on the credentials provided in the Authorization header. If no credentials are supplied an appropriate 401 is returned.
A SessionAuthenticationStrategy looks up a Principal from the current session. The session would have been populated previously by some previous mechanism (login page for example).
Another type of AuthenticationStrategy might be to use an API header key to lookup details from a key database.
To implement a custom strategy, extend from AuthenticationStrategy and implement authenticate. This method must return a Success[Principal] if the request should be authorized, or it should return a Failure with an error message if the request failed.