Install Dependencies

There are two ways to install play-auth:

Install as Sub-Project

Add play-auth as git submodule:
git submodule add modules/play-auth

Add sbt project definition in your build.sbt file:

name := "example"
version := "1.0-SNAPSHOT"
libraryDependencies ++= Seq(
play.Project.playJavaSettings ++ Seq(
    ebeanEnabled := false

lazy val auth ="modules/play-auth"))
lazy val root =".")).dependsOn(auth).aggregate(auth)


Install from Local Repository


Create Shiro INI configuration

Create Shiro INI configuration at /conf/shiro.ini

# Match/generate passwords with Shiro's PasswordMatcher
credentialsMatcher = org.apache.shiro.authc.credential.PasswordMatcher
iniRealm.credentialsMatcher = $credentialsMatcher
# Read static security data from this file (see [users] & [roles] sections below)
securityManager.realms = $iniRealm



Setup Shiro Subject

Shiro Subject must be bound to current thread to be accessible and it should be scoped to current request as Play reuses threads.

The SubjectAwareAction does exactly this, so you can compose this action with your actions or controllers:

import ch.insign.playshiro.mvc.SubjectAwareAction;
public class Application extends Controller { ... }


The simplest way to achieve this is to "wrap" all actions with SubjectAwareAction in Global.onRequest method:

import java.lang.reflect.Method;
import play.GlobalSettings;
import play.mvc.Action;
import play.mvc.Http.Request;
import ch.insign.playshiro.mvc.SubjectAwareAction;
public class Global extends GlobalSettings {
    public Action onRequest(Request request, Method actionMethod) {
        // feel free to override SubjectAwareAction.doCall method
        // if you need to add your code for this action
        return new SubjectAwareAction();



Setup Custom AuthorizationHandler


Setup Custom AuthenticationListener


Setup Custom Realm