Login / Logout

Login by username/password:

import org.apache.shiro.authc.*
import ch.insign.playauth.PlayAuthApi;

public class CustomLoginService {

    @Inject
    private final PlayAuthApi playAuth;

    public void login() {
        UsernamePasswordToken token = new UsernamePasswordToken("username", "secretword")
        token.setRememberMe(true);
     
        try {
            playAuth.login(token);
        } catch (UnknownAccountException e) {
            // username wasn't in the system.
        } catch (IncorrectCredentialsException e) {
            // password didn't match.
        } catch (LockedAccountException e) {
            // account for that username is locked - can't login.
        } catch (ExpiredCredentialsException e) {
            // credentials expired.
        } catch (AuthenticationException e) {
            // unexpected condition - error?
        }
    }
}

Login manually:

Optional<Party> p = playAuth.getPartyRepository().findOneByEmail("username@example.com");
p.ifPresent(playAuth::authenticate);

Restore remembered authentication:

if (playAuth.isRemembered()) {
  playAuth.getPartyIdentifier() // Optional<String>
      .flatMap(partyRepository::findById) // Optional<Party>
      .ifPresent(playAuth::authenticate);
}

Note: For "remembered" party all checks on permissions and method

playAuth.getCurrentParty()

will work. To restrict acces only for authenticated in currrent serrion party you can use annotation:

@RequireAuthentification

If check fails by default user will be redirected on home page or admin/login if it was backend route.

Also it is possible to check it manually with 

playAuth.isAuthenticated()

 

Logout:

if (playAuth.isAuthenticated()) {
    playAuth.logout();
}

Impersonation

Impersonation is similar to authentication except that Play Auth retains information about the original (previous) party and allows to return back to the original authentication. Only authenticated party can impersonate another party.

Optional<Party> john = partyRepository.findOneByEmail("john@example.com");
Optional<Party> bob = partyRepository.findOneByEmail("bob@example.com");
john.ifPresent(playAuth::authenticate);
 
println(playAuth.getCurrentParty().getName()); // prints "john"
 
if (playAuth.isAuthenticated()) {
    bob.ifPresent(playAuth::impersonate);
}
 
println(playAuth.getCurrentParty().getName()); // prints "bob"
 
if (playAuth.isImpersonated()) {
    println(playAuth.getPreviousParty().getName()); // prints "john"
    playAuth.endImpersonation();
}
 
println(playAuth.getCurrentParty().getName()); // prints "john"

 

 

Execute Code as Another Party

Sometimes it is usefull to execute a piece of code as another party, e.g. in unit tests, scheduled jobs, etc.

final Party john = ...;
 
// to enable JPA inside the code block use PlayAuth.executeWithTransactionAs
boolean itWorks = playAuth.executeAs(john, () -> {
    if (playAuth.getCurrentParty().equals(john)) {
        return true;
    } else {
        return false;
    }
});
 
assertTrue(itWorks); // this should never fail