-
Notifications
You must be signed in to change notification settings - Fork 104
Migration guide
Version 4.x of pac4j is now required.
You no longer need to define a Play HttpActionAdapter
at the config
level as the PlayHttpActionAdapter.INSTANCE
is used by default (except for Deadbolt). You may also set specific Result
s via the PlayHttpActionAdapter
.
The specific keywords: _anonymous_
and _authenticated_
have been removed from the SecurityFilter
. The regular pac4j capabilities must be used.
The callback and logout controllers definition in the routes
file must now include the request
:
GET /callback @org.pac4j.play.CallbackController.callback()
POST /callback @org.pac4j.play.CallbackController.callback()
GET /logout @org.pac4j.play.LogoutController.logout()
becomes
GET /callback @org.pac4j.play.CallbackController.callback(request: Request)
POST /callback @org.pac4j.play.CallbackController.callback(request: Request)
GET /logout @org.pac4j.play.LogoutController.logout(request: Request)
The DefaultHttpActionAdapter
is deprecated and should be replaced by the PlayHttpActionAdapter
which is the same component except the name.
The play-pac4j
library has been renamed as play-pac4j_2.11
when built with Scala 2.11 and as play-pac4j_2.12
when built with Scala 2.12.
Scala trait Security
was revamped to be more consistent with actions and action builders in Play 2.6.
- removed function
List[P]=>Action[AnyContent]
and replaced byAuthenticatedRequest
encapsulating the request and the list of profiles - introduced support of any content type not only
AnyContent
-
Secure
method no longer returns anAction
, it returns instance ofActionBuilder
instead. That enables use of a standard simple action as well as use of any parser or even produce an asynchronous result. - introduced
SecurityComponents
extendingControllerComponents
to ease injection of dependencies - for backward compatibility, introduced a method
profiles
accepting implicitAuthenticatedRequest
and returningList[P]
The Security
trait extends the BaseController
and thus, the controllerComponents
must be injected. The HttpExecutionContext
no longer needs to be injected into the Security
trait.
The ApplicationLogoutController
has been renamed as LogoutController
and the PlayCacheStore
as PlayCacheSessionStore
.
The SecurityModule
class needs to bind the PlaySessionStore
to the PlayCacheStore
.
The PlayWebContext
needs a PlaySessionStore
, see examples at heading 5 (Get the user profile (ProfileManager
)).
The RequiresAuthentication
annotation and function have been renamed as Secure
with the clients
and authorizers
parameters (instead of clientName
and authorizerName
).
The UserProfileController
class and the getUserProfile
method in the Security
trait no longer exist and the ProfileManager
must be used instead.
The ApplicationLogoutController
behaviour has slightly changed: even without any url
request parameter, the user will be redirected to the defaultUrl
if it has been defined
The separate Scala and Java projects have been merged. You need to change the dependency play-pac4j-java
or play-pac4j-scala
to simply play-pac4j
.
The getUserProfile
method of the Security
trait returns a Option[CommonProfile]
instead of just a UserProfile
.
The DataStore
concept is replaced by the pac4j SessionStore
concept. The PlayCacheStore
does no longer need to be bound in the security module. A new session store could be defined using the config.setSessionStore
method.
The DefaultHttpActionAdapter
does not need to be bound in the security module, but must to be set using the config.setHttpActionAdapter
method.