https://github.com/limansky/lift-salatauth
Lift authorization module based on Salat
https://github.com/limansky/lift-salatauth
Last synced: 2 months ago
JSON representation
Lift authorization module based on Salat
- Host: GitHub
- URL: https://github.com/limansky/lift-salatauth
- Owner: limansky
- License: apache-2.0
- Created: 2013-11-07T09:15:54.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2017-01-29T16:56:49.000Z (over 9 years ago)
- Last Synced: 2025-01-07T18:56:54.972Z (over 1 year ago)
- Language: Scala
- Size: 50.8 KB
- Stars: 1
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
README
# Lift SalatAuth module
Authentication and authorization module for [Lift][Lift] web framework based on [Salat][Salat] library. This project inspired by [lift-mongoauth][lift-mongoauth] module. The goal is to avoid using different ORMs in project using Salat.
## Installing
The module is available in Sonatype repository. So, if you using sbt just add it to libraryDependencies.
For Lift 3.0.x `lift-salatauth` suports only Scala 2.11 (Scala 2.12 is not available yet, because there is not Salat for Scala 2.12):
```
"net.liftmodules" %% "salatauth_3.0" % "1.2"
```
For Lift 2.6.x it supports Scala 2.10 and 2.11:
```
"net.liftmodules" %% "salatauth_2.6" % "1.2"
```
For Lift 2.5.x use `lift-salatauth` 1.1 which supports Scala 2.10 and 2.9.2:
```
"net.liftmodules" %% "salatauth_2.5" % "1.1"
```
Or you can use current snapshot version:
[](https://travis-ci.org/limansky/lift-salatauth)
```
"net.liftmodules" %% "salatauth_2.6" % "1.3-SNAPSHOT"
```
## Usage
Lift SalatAuth provides several base classes and default implementations for them. You should choose if you want to implement them yourself or use default implementation.
### User entity
The user entity can be implemented as a case class extending ProtoUser.
```Scala
case class User(
val _id: ObjectId,
override val username: String,
override val password: String,
val realName: String,
override val email: String,
override val roles: Set[String]
) extends ProtoUser(username, password, email, roles)
```
The `ProtoUser` class uses your roles collection to set permissions properly. To make it work you have to set the collection during your application initialization:
```Scala
class Boot {
def boot() {
...
SalatAuth.rolesCollection.default.set(Some(MongoConnection()("mydb")("roles")))
...
```
If the default field set of `ProtoUser` is enough for you you can not define your own user class, but use `SimpleUser` instead.
### Permissions model
Each user has a list of roles defined as strings. However role itself is a case class. The role name is an `_id` for a role. As it was described you need to set roles collection in boot to allow roles works properly. Roles contains a list of `Permission`s. Permissions are defined as a triplets of domain, action and entity.
```Scala
val adminRole = Role("admin", "", List(Permission.All))
val userRole = Role("user", "", List(Permission("Messages"), Permission("Reports", "view"), Permission("Reports", "print"), Permission("Profile", "view")))
RolesDAO.save(adminRole)
RolesDAO.save(userRole)
val user = SimpleUser("admin", ProtoUser.hashPassword("secret"), "admin@example.com", Set("admin"))
UserDAO.save(user)
```
### LoginManager
Login manager is a core object of SalatAuth module. You can use `SimpleLoginManager` with `SimpleUser`s or implement your own one for custom entities. If you use "Simple" solution than you must define a collection in Boot:
```Scala
SalatAuth.simpleCollection.default.set(Some(MongoConnection()("mydb")("users")))
```
Else, you need to define your LoginManager to find users in MongoDB:
```Scala
object MyLoginManager extends LoginManager[MyUser, ObjectId] {
override def findUserById(id: ObjectId): Option[MyUser] = {
MyUserDAO.findOneById(id)
}
override def getUserId(user: MyUser): ObjectId = user._id
}
```
Now, when you have a `LoginManager` instance you must set it in Boot (`SimpleLoginManager` is the default setting):
```Scala
SalatAuth.loginManager.default.set(MyLoginManager)
```
### Defining SiteMap
There are several methods defined in trait `Locs` helps you to set required permissions on the entries in site map. Here is the example:
```Scala
import net.liftmodules.salatauth.Locs._
def siteMap() = SiteMap(
Menu.i("index") / "index" >> Hidden,
Menu.i("messages") / "messages" >> RequireLoggedIn,
Menu.i("users") / "users" >> HasRole("admin"),
Menu.i("reports") / "reports" >> HasPermission("Reports" : "view")
buildLogin("login", Hidden :: Nil),
buildLogout("logout", Nil)
)
```
In this example user has to be logged in for all pages except index, but to see users he must have "admin" role, and to see the reports he must have corresponding permission.
### Session handling
Session support was added in 1.1. This feature allows you to add "remember me" functionality. To do it you need to setup cookie settings you your Boot.scala, and add session check hook:
```Scala
SalatAuth.loginManager.default.set(MyLoginManager)
SalatAuth.sessionCookieName.default.set("MyAppLoginCookie")
SalatAuth.sessionsCollection.default.set(Some(mongoDB("authcookies")))
LiftRules.earlyInStateful.append(MyLoginManager.checkSession)
```
Now you can pass additional parameter to LoginManager.logUserIn function to set if user was authenticated and shall the login cookie be created.
In addition you can check if the user was authenticated using `RequireAuthenticated` parameter in your site map.
[Lift]: http://liftweb.net
[Salat]: https://github.com/novus/salat
[lift-mongoauth]: https://github.com/eltimn/lift-mongoauth