Deadbolt-2 library is a solution. However, if you want to build your very own one, firstly, you need to read https://www.playframework.com/documentation/2.4.x/ScalaActionsComposition.
Actually, it is not that difficult and you can implement almost unlimited, very flexiable solution.
The basic idea is to define a UserAuthAction, like:
@Singleton
class UserAuthAction @Inject() (principalService: PrincipalService) extends ActionBuilder[Request] with ActionFilter[Request] {
override protected def filter[A](request: Request[A]) = Future.successful {
request.session.get(principalService.accessTokenCacheKey).map { accessToken =>
if (principalService.authenticate(accessToken))
None
else
Some(Results.Redirect(routes.PrincipalController.login()))
} getOrElse {
Some(Results.Redirect(routes.PrincipalController.login()))
}
}
}
And then compose it with the actions the do the actually job. For example:
@Singleton
class Application @Inject() (userAuthAction: UserAuthAction) extends Controller {
def index = (userAuthAction andThen anyAction) { request =>
Ok(views.html.index())
}
}
Along the way, if you are using ActionRefiner, you can even extract additional user information and provide it to the latter actions, such as anyAction above.