Home/ Questions/Q 7579467
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T17:41:16+00:00

i have the following customized security controller using the secure module for play: public

  • 0

i have the following customized security controller using the secure module for play:

public class Security extends Secure.Security {

    static boolean authenticate(String username, String password) {

        validation.required(username);
        validation.required(password);

        if (!validation.hasErrors()) {
            BetaUser user = BetaUser.find("username", username).first();

            if (user != null && user.password.equals(password)) {
                Session.current().put("userid", user.id);
                return true;
            }

            return false;
        }
        else {
            return false;
        }
    }

    static void onAuthenticated() {
        Series.userSeries();
    }

    static void onDisconnected() {
        Application.index();
    }

    static boolean check(String profile) {
        if ("admin".equals(profile)) {
            return Security.connected().equals("admin");
        }
        return false;
    }
}

In this case the validation mechanism in the authenticate methode works. When i use annotations the password parameter doesn`t get validatet anymore:

static boolean authenticate(@Required String username, @Required String password) {

    if (!validation.hasErrors()) {
        BetaUser user = BetaUser.find("username", username).first();

        if (user != null && user.password.equals(password)) {
            Session.current().put("userid", user.id);
            return true;
        }

        return false;
    }
    else {
        return false;
    }
}

The strange thing is, that the username validation actually does work (error when username is empty). When only the password is left empty the validation has no errors…

I hope that you can help me.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After I dig around,

    Validating HTTP data with play

    Validations ensure that the data has certain values or meet specific
    requirements. You can use validation to verify that your models are
    correct before saving them to the database    , or use them directly on
    HTTP parameters to validate a simple form    .

    Ref : http://www.playframework.org/documentation/1.2.4/validation

    Before call your implement method, it call authenticate method in Secure class first. So, this it why annotation it not works in your implement method.

    public static void authenticate(@Required String username, String password, boolean remember) throws Throwable {
        // Check tokens
        Boolean allowed = false;
        try {
            // This is the deprecated method name
            allowed = (Boolean)Security.invoke("authentify", username, password);
        } catch (UnsupportedOperationException e ) {
            // This is the official method name
            allowed = (Boolean)Security.invoke("authenticate", username, password);
        }
        if(validation.hasErrors() || !allowed) {
            flash.keep("url");
            flash.error("secure.error");
            params.flash();
            login();
        }
        // Mark user as connected
        session.put("username", username);
        // Remember if needed
        if(remember) {
            response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
        }
        // Redirect to the original URL (or /)
        redirectToOriginalURL();
    }

    Your can see this thread for deep reason why it not works -> parameter validation with net.sf.oval (in play framework)

    • 0