Add GET Parameters to Play Framework 2.2 Response

0
votes

I have a Play Framework version 2.2.2 application. It's fairly simple. I am extending the Security.Authenticator to handle my request authentication.

I am passing in (via the request, either GET or POST) an authorization token generated by another app on the domain. This token is looked up in the database, and will eventually return the userId for the user (rather than the String userName like in the Play demo.

What I would like to do, is append the userId to the GET, so that I can extract the parameter with Javascript, as all the JS code I have currently depends on having a userId, and not the authentication token.

Is there any way to accomplish this, or am I trying to go about this the wrong way? I need to avoid using cookies unless it's otherwise impossible.

Thanks!

Edit

Here is what I am intending to do broken down step by step:

  • Frontend JS makes a request to Play application via GET request from a browser (eg. http://mycompany.com/playapp/home?authToken=5hgys7Sgh2u4iblahblah)
  • The request contains a authToken parameter, used for lookup in a user auth DB table
  • Play Security.Authenticator intercepts request before it makes it to its intended controller (let's say the controller is Application.java) -The Secured class that extends Security.Authenticator looks for the authToken in my GET data. -The value is used to do a reverse-lookup of the userId. -The Secured class public String getUsername(Http.Context ctx) is overridden to return the userId as a string (eg. "1234").

Now what I would like to do, is to modify the URL to append the userId on there (eg. http://mycompany.com/playapp/home?authToken=5hgys7Sgh2u4iblahblah&userId=1234)

I'm not entirely sure this is possible... but suffice it to say, I need to make a request via the browser, do the authentication, and then, upon successful request, let javascript know what the userId is. I would like to do this without setting a cookie, but that doesn't seem to likely now, the more that I think of it...

Update:

So what I ended up doing was setting my userId from inside my Secured.java on the session like this:

ctx.session().put("userId", userId);

Then, from whatever method has been authenticated with the annotation, I retreive the userId from the session like this:

Integer userId = Integer.parseInt(ctx().session().get("uid"));

I then pass the userId to my page template, and insert it into a Javascript variable. Works like a charm, and no cookies needed.

1
javajavascriptplayframeworkplayframework-2.2
You mixed something... response has no method ... Can you show us your approach ? - biesior
Yes, please see my edit. - sean.boyer
Why do you want to avoid setting a cookie? - Jason Pearson
@JasonPearson - One word: Europe. - sean.boyer

1 Answers

1
votes

Normally you would return userId in the HTML page that the GET returns. userId could be in the page as Javascript or as HTML. Or return it in a cookie and the javascript can get the cookie.

Many potential security issues though. How will you trust the userId coming back in future requests?