5

I'm trying to use Deadbolt for authorization and Silhouette or SecureSocial for authentication using Play 2.3.3 and Scala 2.11.1.

MyDeadboltHandler has a getSubject to override and to do that I need to retrieve the user from the request. Using SecureSocial 2 that was quite straight forward.

override def getSubject[A](request: Request[A]): Option[Subject] = {
  SecureSocial.currentUser(request) match {
  case Some(identity) => // Subject could be created and returned
  case _ => None
}

I am not able to find any method in Silhouette to get the "current user". Also both Silhouette and SecureSocial have a SecuredRequest[AnyContent] (extended WrappedRequest) while getRequest method in MyDeadboltHandler expects a Request[A]. SecuredRequest is defined in the a trait which is not visible in MyDeadboltHandler.

Any advice is highly appreciated.

centr
  • 645
  • 7
  • 15
  • Silhouette doesn't have such a method at this time. If you are interested I can implement it. But note that this method will be return a Future like SecureSocial does it in the next version. – akkie Sep 01 '14 at 10:24
  • @akkie. Thanks for the neat and clean library. I'm definitely interested in using Silhouette with Deadbolt and to do that I think, we need to be able to extract currentUser from the request. I will ask if deadbolt has plans to handle Future in getSubject, however in worst scenario we have to block in getSubject method to retrieve the currentUser. (Another approach was to get the current user in controller and attach it to the request using WrappedRequest before sending to deadbolt's getSubject, but it did not work because SecuredRequest is not visible). – centr Sep 01 '14 at 14:19
  • You are welcome. I will implement the method in the next few days. To use the SecuredRequest you must include the Silhouette trait in your controller. – akkie Sep 01 '14 at 14:29
  • After investigating a bit more, I'm not sure if it's a good idea to create only a method to retrieve the current user. Because if you try to retrieve the current user you must first ask the authenticator service for a valid authenticator. If this authenticator isn't valid then it must be discarded. And for this action you need the Result in scope. So I think the best method would be some kind of action composition. If you are still interested to solve this issue, please create a new thread on the mailing list. Maybe Steve from Deadbolt can help us to find the best solution. – akkie Sep 11 '14 at 19:15
  • @akkie. Steve from Deadbolt changed the signature to def getSubject[A](request: Request[A]): Future[Option[Subject]] in the new deadbolt version 2.3.2. It should be fine now. Thanks. – centr Oct 21 '14 at 17:59

0 Answers0