Login by username/password:
import org.apache.shiro.authc.*
import ch.insign.playauth.PlayAuthApi;
public class CustomLoginService {
@Inject
private final PlayAuthApi playAuth;
public void login() {
UsernamePasswordToken token = new UsernamePasswordToken("username", "secretword")
token.setRememberMe(true);
try {
playAuth.login(token);
} catch (UnknownAccountException e) {
// username wasn't in the system.
} catch (IncorrectCredentialsException e) {
// password didn't match.
} catch (LockedAccountException e) {
// account for that username is locked - can't login.
} catch (ExpiredCredentialsException e) {
// credentials expired.
} catch (AuthenticationException e) {
// unexpected condition - error?
}
}
}
Login manually:
Optional<Party> p = playAuth.getPartyRepository().findOneByEmail("username@example.com");
p.ifPresent(playAuth::authenticate);
Restore remembered authentication:
if (playAuth.isRemembered()) {
playAuth.getPartyIdentifier() // Optional<String>
.flatMap(partyRepository::findById) // Optional<Party>
.ifPresent(playAuth::authenticate);
}
Note: For "remembered" party all checks on permissions and method
playAuth.getCurrentParty()
will work. To restrict acces only for authenticated in currrent serrion party you can use annotation:
@RequireAuthentification
If check fails by default user will be redirected on home page or admin/login if it was backend route.
Also it is possible to check it manually with
playAuth.isAuthenticated()
Logout:
if (playAuth.isAuthenticated()) {
playAuth.logout();
}
Impersonation is similar to authentication except that Play Auth retains information about the original (previous) party and allows to return back to the original authentication. Only authenticated party can impersonate another party.
Optional<Party> john = partyRepository.findOneByEmail("john@example.com");
Optional<Party> bob = partyRepository.findOneByEmail("bob@example.com");
john.ifPresent(playAuth::authenticate);
println(playAuth.getCurrentParty().getName()); // prints "john"
if (playAuth.isAuthenticated()) {
bob.ifPresent(playAuth::impersonate);
}
println(playAuth.getCurrentParty().getName()); // prints "bob"
if (playAuth.isImpersonated()) {
println(playAuth.getPreviousParty().getName()); // prints "john"
playAuth.endImpersonation();
}
println(playAuth.getCurrentParty().getName()); // prints "john"
Sometimes it is usefull to execute a piece of code as another party, e.g. in unit tests, scheduled jobs, etc.
final Party john = ...;
// to enable JPA inside the code block use PlayAuth.executeWithTransactionAs
boolean itWorks = playAuth.executeAs(john, () -> {
if (playAuth.getCurrentParty().equals(john)) {
return true;
} else {
return false;
}
});
assertTrue(itWorks); // this should never fail