Chapter 10. Security
This chapter covers
- Play security concepts
- Adding basic authentication with filters
- Fine-grained authentication with action composition
In this chapter, we’ll first look at Play 2 security concepts to understand what it means from a developer’s point of view to secure your application. We’ll review the different types of attacks our application can be exposed to and the tools Play 2 provides to secure our application. We’ll then move forward to actually implement security in our application, with basic authentication as an example, using filters. This section shows a low-level framework security implementation, but of course Play provides built-in helpers for authentication and authorization. Last, we’ll see how to use those helpers together with action composition to add more fine-grained security constraints to our application.
Web application frameworks are made to help developers build web applications. Some of them also help secure the web application. One framework is not more secure than another: if you use them correctly, you’ll be able to build secure apps with many frameworks. Some frameworks have clever helper methods, for example against SQL injection, which make it easier to build secure web applications.