Play Framework essentials

You're reading from Play Framework Essentials: An intuitive guide to creating easy-to-build scalable web applications using the Play framework

Product type: Book
Published in: Sep 2014
ISBN-13: 9781783982400
Pages: 200 pages
Edition: 1st Edition
Author: Julien R Foy

Table of Contents (14 chapters)

Play Framework Essentials
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. Building a Web Service
2. Persisting Data and Testing
3. Turning a Web Service into a Web Application
4. Integrating with Client-side Technologies
5. Reactively Handling Long-running Requests
6. Leveraging the Play Stack – Security, Internationalization, Cache, and the HTTP Client
7. Scaling Your Codebase and Deploying Your Application
Index

Handling security concerns


This section presents the main security challenges in web applications and how to handle them with the Play framework.

Authentication

In the previous chapter, we added a page that showed an auction room for an item. The form to participate in an auction requires users to fill in their name and a price for the item. In this section, I propose to restrict auction rooms to authenticated users only. This means that if a non-authenticated user tries to go to an auction room, he is redirected to a login form. Once he is logged in, he is redirected back to the auction room, whose form now has only one field, the bid price, because the username can be retrieved from the user's identity.

To differentiate between identified and non-identified users, we rely on a session mechanism. Once a user is authenticated, he visits the pages of the application on behalf of his identity; two users might not see the same response when they go to the same page. To achieve this in a stateless...
