An AuthenticationFilter is a Filter that can be added to any endpoint to enforce authentication for requests.
An AuthenticationStrategy is responsible for retriving a Principal for the current request.
An AuthenticationStrategy is responsible for retriving a Principal for the current request. How the Principal is retrieved is dependent on the type of strategy used.
For example, the BasicAuthenticationStrategy, named after HTTP Basic Auth, creates a Principal based on the credentials provided in the Authorization header. If no credentials are supplied an appropriate 401 is returned.
A SessionAuthenticationStrategy looks up a Principal from the current session. The session would have been populated previously by some previous mechanism (login page for example).
Another type of AuthenticationStrategy might be to use an API header key to lookup details from a key database.
To implement a custom strategy, extend from AuthenticationStrategy and implement authenticate. This method must return a Success[Principal] if the request should be authorized, or it should return a Failure with an error message if the request failed.
An AuthorizationStrategy that uses HTTP Basic Auth.
An AuthorizationStrategy that uses HTTP Basic Auth. The credentials will be provided in the form of a UserPassToken. Provide a TokenAuthenticator to determine if the presented UserPassToken is valid.
An implementation of AuthorizationStrategy that always denies requests.
A principal contains an identification for a user.
A principal contains an identification for a user.
a unique value identifying this principal in the underlying system. It could be a database id, a username, the login email, anything that uniquely identifies the user in the system.
Convenience filter, for session auth using the default session key for principals.
An AuthenticationStrategy that retrieves a Principal from the current session.
An AuthenticationStrategy that retrieves a Principal from the current session. This Principal is then added to the request for downstream processing.
The Principal must be set on the session by some step handled externally to this class, for example a login page or some SSO mechanism eg Kerberos.
If no Principal is set on the current session then a 401 is returned.
There must have been an appropriately configured SessionManager in the endpoint before authentication is attempted.
is used to specify the key that the Principal is stored in inside the session.
Convenience implementation of TokenAuthenticator that will authenticate against a provided set of valid credentials.
An AuthenticationFilter is a Filter that can be added to any endpoint to enforce authentication for requests.
The AuthenticationFilter delegates to an AuthenticationStrategy to perform the underlying authentication details.