SecureSocial - Authentication for Play Framework


Slides for the SecureSocial presentation at the Scala BASE meetup in Palo Alto on Dec 12th 2012

Comments
  • @JacekLaskowski the presentation is a bit old and applies to versions 2.1.x of the module. There are a lot of upcoming changes in 3.0 (currently available in 3.0-M1 and master-SNAPSHOT). Feel free to ping me or send me an email if you need help using the newer version.
  • I'm wondering how current the presentation's content is these days? I would not be surprised to be told it's a bit outdated. As an intro to SecureSocial it works well.

  1. SecureSocial - Authentication Module for Play! Jorge Aliss (@jaliss). Sponsored by
  2. Agenda
     - Overview
     - Main concepts: Identity Providers, Identity, UserService
     - Installation
     - Configuration
     - Protecting Actions
     - UsernamePassword provider
     - Password rules and hashing algorithms
     - Views customization
     - Internationalization
     - Extending SecureSocial
  3. Overview
     - What does it do?
     - Why did I do it?
     - 11/11/2011: First release (Play 1)
     - 06/05/2012: Play 2 version
  4. Demo
  5. Identity Providers
     A provider implements the logic required to support an authentication scheme.
     - OAuth 1: Twitter, LinkedIn
     - OAuth 2: Facebook, Google, GitHub
     - OpenID (coming soon)
     - Username and Password
     - Your own provider
  6. Identity
     - Represents a user in a Provider
     - Providers return an instance of this trait upon successful authentication
     - Modeled with a trait in Scala and an interface on the Java API

       trait Identity {
         def id: UserId                       // user id plus the provider that issued it
         def firstName: String
         def lastName: String
         def fullName: String
         def email: Option[String]
         def avatarUrl: Option[String]
         def authMethod: AuthenticationMethod  // e.g. OAuth1, OAuth2, UserPassword
         def oAuth1Info: Option[OAuth1Info]
         def oAuth2Info: Option[OAuth2Info]
         def passwordInfo: Option[PasswordInfo]
       }
  7. UserService
     - Provides a way to persist/find Identities from a backing store
     - No imposed persistence mechanism. Developer is free to use anything
     - Any class implementing Identity can be returned: this allows you to return your own model class

       trait UserService {
         def find(id: UserId): Option[Identity]
         def findByEmailAndProvider(email: String, providerId: String): Option[Identity]
         def save(user: Identity)
         // the methods that handle tokens are used
         // in sign up and reset password requests
         def save(token: Token)
         def findToken(token: String): Option[Token]
         def deleteToken(uuid: String)
         def deleteExpiredTokens()
       }
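An in-memory implementation of the UserService trait on this slide, added here as an example; it is not code from the slides or from the SecureSocial project. It assumes the API the slides show (UserId with id and providerId, Identity.email as Option[String], a Token case class with a uuid and an isExpired check, and the UserServicePlugin base class that SecureSocial 2.x used for registering the service); the class name, the package and the play.plugins priority are made up.

```scala
// Added example, not from the slides or the SecureSocial project.
// Assumes the API shown on the slides: UserId(id, providerId), Identity,
// Token (with uuid and isExpired) and the UserServicePlugin base class.
package service

import play.api.Application
import securesocial.core.{Identity, UserId, UserServicePlugin}
import securesocial.core.providers.Token

// Registered in conf/play.plugins as e.g. "10000:service.InMemoryUserService"
class InMemoryUserService(application: Application) extends UserServicePlugin(application) {

  // keyed on (id, providerId): the same id from two providers is two identities
  private val users  = scala.collection.mutable.Map[(String, String), Identity]()
  // sign-up / password-reset tokens keyed on their uuid
  private val tokens = scala.collection.mutable.Map[String, Token]()

  def find(id: UserId): Option[Identity] = users.synchronized {
    users.get((id.id, id.providerId))
  }

  // used by the userpass provider to find the account that owns an email address
  def findByEmailAndProvider(email: String, providerId: String): Option[Identity] = users.synchronized {
    users.values.find { u =>
      u.id.providerId == providerId && u.email.exists(_.equalsIgnoreCase(email))
    }
  }

  def save(user: Identity): Unit = users.synchronized {
    users.put((user.id.id, user.id.providerId), user)
  }

  def save(token: Token): Unit = tokens.synchronized {
    tokens.put(token.uuid, token)
  }

  // never hand back a token past its expiration, even if the cleanup job has not run yet
  def findToken(token: String): Option[Token] = tokens.synchronized {
    tokens.get(token).filterNot(_.isExpired)
  }

  // called once a sign-up or reset completes: tokens are single use
  def deleteToken(uuid: String): Unit = tokens.synchronized {
    tokens.remove(uuid)
  }

  // called periodically by the token job (enableTokenJob / tokenDeleteInterval)
  def deleteExpiredTokens(): Unit = tokens.synchronized {
    tokens.retain { case (_, t) => !t.isExpired }
  }
}
```

The two checks worth copying into a real backing store are the expiry filter in findToken and the (id, providerId) key: the first keeps a stale reset token from being accepted between runs of the cleanup job, the second keeps two providers that both report a user id of "1" from overwriting each other.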
  8. Installation
     - Available as a downloadable dependency
     - Stable versions and master snapshots

       // project/Build.scala
       import sbt._
       import Keys._
       import PlayProject._

       object ApplicationBuild extends Build {
         val appName         = "MyApp"
         val appVersion      = "1.0"
         val appDependencies = Seq(
           "securesocial" % "securesocial_2.9.1" % "2.0.7"
         )
         val main = PlayProject(appName, appVersion, appDependencies, mainLang = SCALA).settings(
           resolvers += Resolver.url("SecureSocial Repository",
             url("http://securesocial.ws/repository/releases/"))(Resolver.ivyStylePatterns)
         )
       }
  9. Configuration
     - Settings go in a securesocial section of your conf file
     - Global settings: onLoginGoTo, onLogoutGoTo, ssl

       securesocial {
         onLoginGoTo=/
         onLogoutGoTo=/login
         ssl=false
       }
  10. Configuration: Username Password Provider

       userpass {
         withUserNameSupport=false
         sendWelcomeEmail=true
         enableGravatarSupport=true
         tokenDuration=60
         tokenDeleteInterval=5
         enableTokenJob=true
         hasher=bcrypt
         minimumPasswordLength=8
       }
  11. Configuration: OAuth 1 and OAuth 2 based providers

       twitter {
         requestTokenUrl="https://twitter.com/oauth/request_token"
         accessTokenUrl="https://twitter.com/oauth/access_token"
         authorizationUrl="https://twitter.com/oauth/authenticate"
         consumerKey=your_consumer_key
         consumerSecret=your_consumer_secret
       }
       facebook {
         authorizationUrl="https://graph.facebook.com/oauth/authorize"
         accessTokenUrl="https://graph.facebook.com/oauth/access_token"
         clientId=your_client_id
         clientSecret=your_client_secret
         scope=email
       }
  12. Protecting Actions
     - SecuredAction: intercepts requests and redirects them to a login page if the user is not authenticated (returns an unauthorized error for Ajax calls)
     - Authorization: SecuredActions can receive an Authorization instance that checks if an authenticated user is authorized to execute it. Renders an error page (returns forbidden for Ajax calls)
  13. SecuredAction
     Add the SecureSocial trait to your controllers

       import play.api.mvc._
       import play.api.libs.json.Json
       import securesocial.core.SecureSocial

       object Application extends Controller with SecureSocial {
         def myAction = SecuredAction { implicit request =>
           Ok(views.html.index(request.user))
         }

         // ajaxCall = true: an unauthenticated caller gets an unauthorized error instead of a redirect
         def myAjaxCall = SecuredAction(true) { implicit request =>
           Ok(Json.toJson(Map("message" -> "hello"))).as(JSON)
         }
       }
  14. Authorization
     To add authorization logic to an action you need to implement the Authorization trait.

       import play.api.Logger
       import securesocial.core.{Authorization, Identity}

       // Role, User and Admin are the application's own model types
       case class WithRole(role: Role) extends Authorization {
         def isAuthorized(identity: Identity): Boolean = {
           identity match {
             case user: User => user.hasRole(role)
             case _ =>
               Logger.error("Did not get a SessionUser object")
               false
           }
         }
       }

       def myAction = SecuredAction(WithRole(Admin)) { implicit request =>
         Ok(views.html.index(request.user))
       }
  15. UsernamePassword Provider
     - Enforces flows that prevent leaking information in the Signup, Login and Password recovery flows
     - Password change functionality
     - Enforces password strength and hashing
  16. Password Validator
     - Used to enforce password strength
     - DefaultPasswordValidator: checks length specified in settings file
     - To customize, implement the PasswordValidator and register it in the play.plugins file

       trait PasswordValidator extends Plugin {
         def isValid(password: String): Boolean
         def errorMessage: String
       }
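A custom validator for the trait on this slide, added here as an example rather than taken from the slides or the SecureSocial project. It assumes the trait lives in securesocial.core.providers.utils and takes the Play Application in its constructor like other Play 2 plugins, and it reads the userpass minimumPasswordLength setting shown on slide 10; the class name, the package and the "three of four character classes" rule are this example's own choices.

```scala
// Added example, not from the slides or the SecureSocial project. Assumes the
// PasswordValidator trait shown above (securesocial.core.providers.utils) and
// the userpass.minimumPasswordLength setting from slide 10; the class name and
// the three-of-four character class rule are this example's own choices.
package service

import play.api.{Application, Play}
import play.api.Play.current
import securesocial.core.providers.utils.PasswordValidator

// Registered in conf/play.plugins in place of the default validator, e.g.
// "9996:service.StrongPasswordValidator"
class StrongPasswordValidator(application: Application) extends PasswordValidator {

  // reuse the existing setting so operators change one number, not two
  private val minLength =
    Play.configuration.getInt("securesocial.userpass.minimumPasswordLength").getOrElse(8)

  // character classes a password can draw from
  private val classes = Seq[Char => Boolean](
    _.isUpper,
    _.isLower,
    _.isDigit,
    c => !c.isLetterOrDigit && !c.isWhitespace
  )

  // length is the main defence; requiring three classes rejects the all-lowercase
  // dictionary words that pass a pure length check
  def isValid(password: String): Boolean = {
    val present = classes.count(cls => password.exists(cls))
    password.length >= minLength && present >= 3
  }

  // shown on the sign-up form when isValid returns false
  def errorMessage: String =
    "Password must be at least %d characters and use three of: upper case, lower case, digits, symbols".format(minLength)
}
```

Because the validator is a plugin, only one is active at a time: registering this class replaces DefaultPasswordValidator rather than adding to it, so the length check is repeated here on purpose.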
  17. Password Hasher
     - Built in (and recommended) is based on Bcrypt
     - Several can be configured, allowing easy migration to new algorithms as needed
     - PasswordInfo: stores the hashed password, an optional salt and the hasher id
     - Passwords are hashed with the default hasher

       trait PasswordHasher extends Plugin with Registrable {
         def hash(plainPassword: String): PasswordInfo
         def matches(passwordInfo: PasswordInfo, suppliedPassword: String): Boolean
       }
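A second hasher that can be registered beside the built-in bcrypt one, added here as an example of the migration path the slide describes; it is not code from the slides or the SecureSocial project. It assumes the trait shown above, that Registrable contributes a `def id: String`, and that PasswordInfo is a case class of (hasher, password, salt); the "pbkdf2" id, the iteration count, the package and the class name are this example's own. The derivation uses only the JDK's PBKDF2WithHmacSHA1.

```scala
// Added example, not from the slides or the SecureSocial project. Assumes the
// PasswordHasher trait shown above and PasswordInfo(hasher, password, salt);
// the id "pbkdf2", the iteration count and the class name are this example's.
package service

import java.security.{MessageDigest, SecureRandom}
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec
import play.api.Application
import securesocial.core.PasswordInfo
import securesocial.core.providers.utils.PasswordHasher

// Registered alongside the bcrypt hasher in conf/play.plugins. Existing bcrypt
// records keep verifying because PasswordInfo.hasher names the hasher to use;
// setting userpass.hasher=pbkdf2 makes newly stored passwords use this one.
class Pbkdf2PasswordHasher(application: Application) extends PasswordHasher {
  val id = "pbkdf2"             // stored in PasswordInfo.hasher
  private val iterations = 20000
  private val keyBits = 256
  private val random = new SecureRandom()

  private def derive(password: String, salt: Array[Byte]): Array[Byte] = {
    val spec = new PBEKeySpec(password.toCharArray, salt, iterations, keyBits)
    SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded
  }

  private def hex(bytes: Array[Byte]): String = bytes.map("%02x".format(_)).mkString
  private def unhex(s: String): Array[Byte] =
    s.grouped(2).map(Integer.parseInt(_, 16).toByte).toArray

  // fresh random salt per password, so equal passwords do not share a hash
  def hash(plainPassword: String): PasswordInfo = {
    val salt = new Array[Byte](16)
    random.nextBytes(salt)
    PasswordInfo(id, hex(derive(plainPassword, salt)), Some(hex(salt)))
  }

  // constant-time comparison; a record without a salt was not produced by this hasher
  def matches(passwordInfo: PasswordInfo, suppliedPassword: String): Boolean =
    passwordInfo.hasher == id && passwordInfo.salt.exists { s =>
      MessageDigest.isEqual(unhex(passwordInfo.password), derive(suppliedPassword, unhex(s)))
    }
}
```

Migration then needs no bulk rehash: a user whose record says hasher=bcrypt is verified by the bcrypt plugin, and the next time the application stores a password for that user (a password change, for instance) the default hasher writes a pbkdf2 record.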
  18. Views Customization
     - Built in templates use Twitter Bootstrap
     - TemplatesPlugin: used to render views/emails
     - To customize: change css or implement and register it instead of the default one

       // TemplatesPlugin methods (two of them)
       def getLoginPage[A](implicit request: Request[A],
                           form: Form[(String, String)],
                           msg: Option[String] = None): Html
       def getSignUpEmail(token: String)(implicit request: RequestHeader): String

       // default implementation
       def getLoginPage[A](implicit request: Request[A],
                           form: Form[(String, String)],
                           msg: Option[String] = None): Html = {
         securesocial.views.html.login(form, msg)
       }
       def getSignUpEmail(token: String)(implicit request: RequestHeader): String = {
         securesocial.views.html.mails.signUpEmail(token).body
       }
  19. Internationalization
     - Built in messages are extracted
     - To customize: copy the messages from the sources into your messages file and change as needed

       securesocial.login.title=Login
       securesocial.login.here=here
       securesocial.login.invalidCredentials=Invalid Credentials
       securesocial.login.forgotPassword=Did you forget your password?
  20. Creating an Identity Provider

       abstract class IdentityProvider(application: Application)
         extends Plugin with Registrable {
         ...
         // Left: a Result to send back (a redirect to the provider, an error);
         // Right: the authenticated user
         def doAuth[A]()(implicit request: Request[A]): Either[Result, SocialUser]
         def fillProfile(user: SocialUser): SocialUser
         ...
       }
  21. What's next
     - OpenID support
     - More providers (eg: Foursquare, Wordpress, Yahoo)
     - Account linking support
  22. Main Sponsor / Previous sponsor
  23. Q&A
  24. Links
     - Project site: http://www.securesocial.ws
     - GitHub: https://github.com/jaliss/securesocial
  25. Thank you - Scala BASE