Hello Steve!

I'm using deadbolt in my play 2.3 application, it works perfectly in my views using:
"@restrictor(la(as("MyRole"))) {"

However, when I try to use it directly in controllers with something like:
"@restrict({@restrict("superadmin"), @restrict("admin"), @restrict("operator")})"

It comes out this error:

My controller looks like this:

The question is , which imports are the correct ones for Play 2.3 in order to use this annotations @CustomRestrict, @pattern and @restrict?

Another important query I have, and I want to use this issue to ask, is about how to use permissions and relations in authorised_user_user_permission table, from views and controllers?

Many thanks since now, for all your help and response!

Hello

I'm using Dependency Injection together with Spring repositories. So basically I inject repository to access database data. Using your code, I want to inject into SecurityHandler which extends AbstractDeadboltHandler, so I can use it in getSubject method. Are there any good ways to accomplish this?

At the moment, I'm solving it with

@Override
public Subject getSubject(Http.Context context)
{ 
    String email = context.session().get("email");

    UserRepository userRepository = Play.current().global().getControllerInstance(UserRepository.class);
    User user = userRepository.findByEmail(email);

    return user;
}

but I'm not sure if this is good approach. Any tips?

Hello,

My compiler complains when I use the latest Deadbolt version:

• MacOSX 10.8.3
• java version "1.7.0_17"
  Java(TM) SE Runtime Environment (build 1.7.0_17-b02)
  Java HotSpot(TM) 64-Bit Server VM (build 23.7-b01, mixed mode)
• Play 2.1.1

Error message:

[error] An exception has occurred in the compiler (1.7.0_17). Please file a bug at the Java Developer Connection (http://java.sun.com/webapps/bugreport) after checking the Bug Parade for duplicates. Include your program and the following diagnostic in your report. Thank you.
[error] java.lang.ClassCastException: com.sun.tools.javac.tree.JCTree$JCIdent cannot be cast to com.sun.tools.javac.tree.JCTree$JCAnnotation
[error] at com.sun.tools.javac.comp.Annotate.enterAttributeValue(Annotate.java:229)
[error] at com.sun.tools.javac.comp.Annotate.enterAttributeValue(Annotate.java:243)
[error] at com.sun.tools.javac.comp.Annotate.enterAnnotation(Annotate.java:181)
[error] at com.sun.tools.javac.comp.MemberEnter.enterAnnotations(MemberEnter.java:779)
[error] at com.sun.tools.javac.comp.MemberEnter.access$300(MemberEnter.java:57)
[error] at com.sun.tools.javac.comp.MemberEnter$5.enterAnnotation(MemberEnter.java:747)
[error] at com.sun.tools.javac.comp.Annotate.flush(Annotate.java:109)
[error] at com.sun.tools.javac.comp.Annotate.enterDone(Annotate.java:101)
[error] at com.sun.tools.javac.comp.Enter.complete(Enter.java:510)
[error] at com.sun.tools.javac.comp.Enter.main(Enter.java:469)
[error] at com.sun.tools.javac.main.JavaCompiler.enterTrees(JavaCompiler.java:929)
[error] at com.sun.tools.javac.main.JavaCompiler.compile(JavaCompiler.java:824)
[error] at com.sun.tools.javac.main.Main.compile(Main.java:439)
[error] at com.sun.tools.javac.main.Main.compile(Main.java:353)
[error] at com.sun.tools.javac.main.Main.compile(Main.java:342)
[error] at com.sun.tools.javac.main.Main.compile(Main.java:333)
[error] at com.sun.tools.javac.Main.compile(Main.java:76)
[error] at com.sun.tools.javac.Main.main(Main.java:61)
error javac returned nonzero exit code
[error] Total time: 230 s, completed Apr 8, 2013 9:09:57 AM

Compiling the deadbolt-usage-scala sample causes no problems despite the deadbolt.handler property is set to the non-existent security.MyDeadboltHandler class.
Setting the property to security.MyScalaboltHandler doesn't break anything nor does commenting the property out in the application.conf file. What's more the sample does not have the file play.plugins, and still it works perfectly.

When trying to do this in my application I got an error when the property wasn't defined, and when the class name wasn't right which was the expected behaviour. The unexpected is the error below when everything seems to be set up correctly:

[error] application - 

! @6b006dmg9 - Internal server error, for request [GET /] ->

play.api.Configuration$$anon$1: Configuration error [Error creating Deadbolt handler: security.SecHandler]
    at play.api.Configuration$.play$api$Configuration$$configError(Configuration.scala:71) ~[play_2.9.1.jar:2.0.2]
    at play.api.Configuration.reportError(Configuration.scala:258) ~[play_2.9.1.jar:2.0.2]
    at play.Configuration.reportError(Configuration.java:119) ~[play_2.9.1.jar:2.0.2]
    at be.objectify.deadbolt.DeadboltPlugin.onStart(DeadboltPlugin.java:67) ~[deadbolt-2_2.9.1-1.1.3-SNAPSHOT.jar:1.1.3-SNAPSHOT]
    at play.api.Play$$anonfun$start$1.apply(Play.scala:60) ~[play_2.9.1.jar:2.0.2]
    at play.api.Play$$anonfun$start$1.apply(Play.scala:60) ~[play_2.9.1.jar:2.0.2]
Caused by: java.lang.InstantiationException: security.SecHandler
    at java.lang.Class.newInstance0(Class.java:357) ~[na:1.6.0_24]
    at java.lang.Class.newInstance(Class.java:325) ~[na:1.6.0_24]
    at be.objectify.deadbolt.DeadboltPlugin.onStart(DeadboltPlugin.java:61) ~[deadbolt-2_2.9.1-1.1.3-SNAPSHOT.jar:1.1.3-SNAPSHOT]
    at play.api.Play$$anonfun$start$1.apply(Play.scala:60) ~[play_2.9.1.jar:2.0.2]
    at play.api.Play$$anonfun$start$1.apply(Play.scala:60) ~[play_2.9.1.jar:2.0.2]
    at scala.collection.LinearSeqOptimized$class.foreach(LinearSeqOptimized.scala:59) ~[scala-library.jar:0.11.3]

When trying to run the sample applications (inside samples folder) I get the following error:

play-2.0/deadbolt-usage/project/Build.scala:17: ')' expected but '.' found.
[error]       resolvers += Resolver.url("Objectify Play Repository", url("http://schaloner.github.com/snapshots/"))(Resolver.ivyStylePatterns)

I solved iby adding a comma after the first line:

resolvers += Resolver.url("Objectify Play Repository", url("http://schaloner.github.com/releases/"))(Resolver.ivyStylePatterns),
resolvers += Resolver.url("Objectify Play Repository", url("http://schaloner.github.com/snapshots/"))(Resolver.ivyStylePatterns)

I have been looking through the deadbolt 2 scala code to determine if getSubject is async or not, and I found it not to be.

It is used directly inside DeadboltActions#Restrict etc. without being wrapped in a Future. Action.async in Play 2.3 doesn't translate the call into a Future, but only requires it to return a Future.
Therefore if anyone, including me, decides to make a database call in getSubject we will block the request thread in Play which is bad.

Therefore I suggest getSubject is made to return an Future[Option[Subject]] instead of Option[Subject], because we then doesn't have a restriction on how long we block the request thread.

I have already implemented this in a copy of deadbolt 2 and it only took a couple of changes. If I'm wrong about this please correct me.

Hey Steve,

I just found out, that using the RC2 dependency for deadbolt2 causes problems with Play 2.2.1 (no problem with 2.2.0), because the cache dependency is pulled in with 2.2.0 instead of 2.2.1 (see https://github.com/schaloner/schaloner.github.com/blob/master/releases/be.objectify/deadbolt-java_2.10/2.2-RC2/ivys/ivy.xml:

<dependency org="com.typesafe.play" name="play-cache_2.10" rev="2.2.0" conf="compile->default(compile)"/>

would you mind recompiling deadbolt2 with Java 1.6 and Play 2.2.1 and add it to the maven repo?
It would allow me to fix up and close joscha/play-authenticate#134.

Hi,

when using:

@if(Deadbolt.viewRoleHolderPresent()) {
bla
} else {
bla
}

in templates, there are two null Logs made:

-- 8< --
2012-06-25T01:10:53+00:00 app[web.1]: [error] application - null
2012-06-25T01:10:53+00:00 app[web.1]: [error] application - null
--8< --

Not sure where they come from, but as soon as I comment out the piece of code above they don't appear any more.

Hi,

Are you going to support Play 2.4 and dependency injection?
So far the error message says:

Kind regards

Hi Steve,

We came across an issue, where @restrict works on the page(subtemplate) immediately referred by our controller in play, but it's not working when used in the parent template called.

We passed the deadbolt handler from the subtemplate; and in the our parent template page retrieve get the handler i.e.:

subtemplate:
@main("Managers", handler)

parent template:
@(title: String, handler: be.objectify.deadbolt.scala.DeadboltHandler)

However, when we put the following in the parent template

@subjectNotPresent(handler){
}

We get an error message that says "Cannot find any HTTP Request here" with the line above being highlighted.

Please let me know if this is a bug, or more likely, I miss something obvious.

Thank you,

Yogi

How can I make a controller forbidden for users that are logged in - e.g. @RoleHolderNotPresent ? Is there a way to achieve this via annotations or do I need to do this within the controller as code?

It will be good to fill https://github.com/schaloner/deadbolt-2-guide/blob/master/09-deadbolt-scala-templates.markdownm and https://github.com/schaloner/deadbolt-2-guide/blob/master/10-deadbolt-scala-controllers.markdown

Hi,

I use deadbolt in my app but I am blocked in my functional test when I want to test some rest api that are restrict.
Is it possible to disable deadbolt or to authenticate a fake user for ths kind of tests ?

Thanks

Hi there, I'm trying to authorize a client and a user.

For instance, only clients with the role "api" can access the actions of the controller "Api", and within the controller, only the users with the role "admin" can access the action "foo".

Example:

@Restrict(value=@Group("api"), handlerKey="client")
public class Api extends Controller {
    @Restrict(value=@Group("admin"), handlerKey="user")
    public static Result foo(){
        return ok();
    }
}

The issue is that the @restrict tag uses always the last handler called to check the subject. In the example above, the user handler is always called twice, where it should be called the client handler and then the user handler.

Best regards

In Play 2.1-TRUNK the combination of @restrict and @dynamic does not seem to be possible.

I tried

@Restrict("user")
@Dynamic("dyn")
public static Result bla...

and I wanted the role user to be present and then check whether this user has access to the actual resource requested...

I made my custom Deadbolt handler in Java because most of what I am using is java, but if I wanted to Deadbolt is some scala classes as well, would I have to implement another deadbolt handler in scala?

As far as I have seen, the upgrade to Play 2.2 requires deadbolt to:

• Change play's groupId to com.typesafe.play.
• Add cache next to javaCore to the dependencies where relevant (e.g. deadbolt-2-java).
• Use the new Action API, see http://www.playframework.com/documentation/2.2.x/Migration22 (this affects both deadbolt-2-java and deadbolt-2-scala.

I have the code:

@Security.Authenticated(Secured.class)
@DeadboltPattern(value="USERS_.*", patternType = PatternType.REGEX)
public class Users extends Controller {

    @DeadboltPattern("USERS_VIEW")
    public static Result index() {
        ...

And for me it doesn't work, because in my DeadboltHandler I get current user's username from request().username(), which sets in Secure.

    @Override
    public Result beforeRoleCheck(Http.Context context) {
        if (context.request().username() == null) {

So, if I leave only class level annotation - it works, but for method level - it doesn't. Which is sad, because I can't do action specific restrictions.

[info] Updating {file:/Users/sjbwybls/Work/Dinner/catering/trunk/server/}server...
[warn] module not found: be.objectify#deadbolt-2_2.10;1.1.2
[warn] ==== local: tried
[warn] /Users/sjbwybls/Document/gitrepo/play/Play20/repository/local/be.objectify/deadbolt-2_2.10/1.1.2/ivys/ivy.xml
[warn] ==== Typesafe Releases Repository: tried
[warn] http://repo.typesafe.com/typesafe/releases/be/objectify/deadbolt-2_2.10/1.1.2/deadbolt-2_2.10-1.1.2.pom
[warn] ==== Typesafe Snapshots Repository: tried
[warn] http://repo.typesafe.com/typesafe/snapshots/be/objectify/deadbolt-2_2.10/1.1.2/deadbolt-2_2.10-1.1.2.pom
[warn] ==== Objectify Play Repository: tried
[warn] http://schaloner.github.com/releases/be.objectify/deadbolt-2_2.10/1.1.2/ivys/ivy.xml
[warn] ==== public: tried
[warn] http://repo1.maven.org/maven2/be/objectify/deadbolt-2_2.10/1.1.2/deadbolt-2_2.10-1.1.2.pom
[warn] ::::::::::::::::::::::::::::::::::::::::::::::
[warn] :: UNRESOLVED DEPENDENCIES ::
[warn] ::::::::::::::::::::::::::::::::::::::::::::::
[warn] :: be.objectify#deadbolt-2_2.10;1.1.2: not found
[warn] ::::::::::::::::::::::::::::::::::::::::::::::
error sbt.ResolveException: unresolved dependency: be.objectify#deadbolt-2_2.10;1.1.2: not found
[error] Total time: 13 s, completed 2012-12-4 2:34:56

I was trying to combine multiple restrictions like this:

@Restrict(value = {@Group({"foo", "bar"})})
@Pattern(handlerKey = "pureLuck", value = "printers.printer")
public static Result test()
{
    return ok(accessOk.render());
}

The first check passes because the subject has "foo" and "bar" roles.
The second check doesn't pass if it is used alone (not after @restrict)
I expect the overall check not to pass, but it does pass and the content is rendered.
I read the source and saw that, if a restriction is passed with an action (say the first @restrict),
the request is marked as authorized ( markActionAsAuthorised(ctx);) and when the next delegate is called (in this case @pattern), it first checks if the request has already been authorized ( isActionAuthorised(ctx) ) and if so, it passes to the next delegate without processing the request.
This can be found at AbstractRestrictiveAction class line 37.
I wonder if this is intended? I believe it can be much more beneficial if we can chain the authorization actions and fail if any of them fail. But currently we only process the first action actually.

I am unable to use a default constraint without assigning a handler.

Ex.
@SubjectPresent(handler = MyDeadboltHandler.class)
or
@restrictions(value = {@and("Admin"), @and("Web Team")}, handler = MyDeadboltHandler.class)

If handler is not assigned, I get a white screen with zero content and a "subject null" error in the logs.

I am obviously missing something.

In AbstractRestrictiveAction, BeforeAccessAction, SubjectNotPresentAction, and SubjectPresentAction, the result of DeadboltHandler.beforeAuthCheck() is being called without a null check. Since beforeAuthCheck is expected to return null, a NullPointerException occurs.

Hi Steve,

I am struggling to understand the reason for having two methods in the DynamicResourceHandler:

• isAllowed
• checkPermission

I've coded a few tests and it seems that "checkPermission" is never called.

Please could you enlighten me on what is the purpose of each method ?

Best regards,

PYC

In example
I see Permission is just an another Role,so how is Permission's job? and Role vs Permission what 's differently?

So. I thinks.current version would be wrongs.

Hi Guys,

I have a question on how to best implement a given scenario with Deadbolt I hope someone can help me out.

I have a user who has a role -> document:edit:US defining that this user can edit every document from the US.

My controller ( API ) receives a document submit POST request where I need to validate if the submitting user can submit the given document for the country he / she is sending inside the json object. Please note some users can submit to more than one country of course.

Something like this -> loggedInUser.getCountry().equeals(document.getCountry())

Can I use a Dynamic rule to do this somehow ?

Any ideas what is best to implement such scenario ?

I have a simple project with this DeadboltHandler/getRoleHolder implementation :

    public RoleHolder getRoleHolder(Context ctx) {
        User user = null;
        String userEmail = ctx.session().get("user");
        if (userEmail != null) {
            user = User.findByEmail(userEmail);
        }
        return user;
    }

And a simple action with a restriction :

    @Restrict("admin")
    public static Result admin() {
        return ok("test");
    }

It works like a charm... until I make a change in any of my classes (in Dev mode with hot reloading).
After hot-reloading : i get a ClassCastException on every call to getRoleHandler() :

java.lang.ClassCastException: models.User cannot be cast to models.User
        at models.User.findByEmail(User.java:73) ~[classes/:na]
        at security.DeadboltHandler.getRoleHolder(DeadboltHandler.java:28) ~[classes/:na]
        at be.objectify.deadbolt.utils.RequestUtils.getRoleHolder(RequestUtils.java:53) ~[deadbolt-2_2.9.1.jar:1.1-SNAPSHOT]
       ....

After some investigations, i found the cause :
Deadbolt class loads and store the DeadboltHandler when the class is loaded, in a static block of code.
When a code change occurs in dev mode, play recompiles and hot-replace all the classes of my application, but not the classes of deadbolt2. So, the static block of the Deadbolt class is not called again and Deadbolt keeps a reference to my old classes. And here come the ClassCastException.

I've found way to fix this :

• by turning Deadbolt into a Play2 Plugin. The method play.Plugin.onStart() is called after each hot-reloading, so it's easy to reload the DeadboltHandler here.
• AND by using the play classloader (Play.application().classloader()) to instanciate the DeadboltHandler

I will post a pull request with these changes very soon...

Hey,

I try to use the dynamic resource handler from your sample role-inheritance but it looks that I miss something...
So in my view I use :
@dynamic("minimumLevelRequired", "role.prospect") {
foo
}

And I have a runtime exception like this:
[RuntimeException: A dynamic resource is specified but no dynamic resource handler is provided]

Do I need to configure something else ?

Many thanks for your help,

Hello there,

I am currently using play 2.1.2 and trying to integrate deadbolt-2 to perform basic authorization. However, I am running in to this error:

! @6fbfdhi2a - Internal server error, for (GET) [/] ->

play.api.PlayException: Cannot load plugin[Plugin [be.objectify.deadbolt.DeadboltPlugin] cannot been instantiated.]
    at play.api.WithDefaultPlugins$$anonfun$plugins$1$$anonfun$apply$9.apply(Application.scala:156) ~[play_2.10.jar:2.1.2]

Looks like it's not able to resolve and obtain DeadboltPlugin. Tried a few things as mentioned in other forums, still with no luck. I am currently using the following in my Build.scala

  val appDependencies = Seq(
    // Add your project dependencies here,
    javaCore,
    javaJdbc,
    javaEbean,
    "commons-io" % "commons-io" % "2.4",
    "mysql" % "mysql-connector-java" % "5.1.18",
    "com.google.code.gson" % "gson" % "2.2",
    "be.objectify" % "deadbolt-java_2.10" % "2.0-SNAPSHOT"
  )

  val main = play.Project(appName, appVersion, appDependencies).settings(
    // Add your own project settings here     
    resolvers += Resolver.url("Objectify Play Repository", url("http://schaloner.github./releases/"))(Resolver.ivyStylePatterns),
    resolvers += Resolver.url("Objectify Play Snapshot Repository", url("http://schaloner.github.com/snapshots/"))(Resolver.ivyStylePatterns)  )

}

Any help is greatly appreciated. Thanks!

Hi,
i've got an action secured like this
@restrictions({@and(AppGatewayConsts.ROLE_ADMIN),@and(AppGatewayConsts.ROLE_USER)})

When testing a non authorized request i got this exception thrown inside the onAccessFailure code which resulted in the http response never returned and so the server stuck.
this is the console output

[info] play - Application started (Dev)
[debug] application - getAuthnAPIAdapter - Authentication module to use: com.hibu.play2modauthn.appgateway.AuthnAPIAdapterImpl
[debug] application - getUserRoles - Roles header not found in request, so no rights assumed
[warn] application - Deadbolt: Access failure on [/test]
[debug] application - getAuthnAPIAdapter - Authentication module to use: com.hibu.play2modauthn.appgateway.AuthnAPIAdapterImpl
[debug] application - getAuthenticatedUserId - User id found in header:12345
[warn] application - onAccessFailure: Request:[/test] - Method:[GET] - User:[12345] access failure.
Roles:none
[error] p.c.ActionInvoker - value
java.lang.NullPointerException: value
    at org.jboss.netty.handler.codec.http.HttpCodecUtil.validateHeaderValue(HttpCodecUtil.java:46) ~[netty.jar:na]
    at org.jboss.netty.handler.codec.http.HttpHeaders.setHeader(HttpHeaders.java:873) ~[netty.jar:na]
    at org.jboss.netty.handler.codec.http.DefaultHttpMessage.setHeader(DefaultHttpMessage.java:48) ~[netty.jar:na]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anon$3$$anonfun$handle$5.apply(PlayDefaultUpstreamHandler.scala:107) ~[play_2.9.1.jar:2.0.3]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anon$3$$anonfun$handle$5.apply(PlayDefaultUpstreamHandler.scala:98) ~[play_2.9.1.jar:2.0.3]
    at scala.collection.immutable.Map$Map3.foreach(Map.scala:163) ~[scala-library.jar:0.11.3]
[error] a.r.RouterConfig$$anon$1 - value
java.lang.NullPointerException: value
    at org.jboss.netty.handler.codec.http.HttpCodecUtil.validateHeaderValue(HttpCodecUtil.java:46) ~[netty.jar:na]
    at org.jboss.netty.handler.codec.http.HttpHeaders.setHeader(HttpHeaders.java:873) ~[netty.jar:na]
    at org.jboss.netty.handler.codec.http.DefaultHttpMessage.setHeader(DefaultHttpMessage.java:48) ~[netty.jar:na]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anon$3$$anonfun$handle$5.apply(PlayDefaultUpstreamHandler.scala:107) ~[play_2.9.1.jar:2.0.3]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anon$3$$anonfun$handle$5.apply(PlayDefaultUpstreamHandler.scala:98) ~[play_2.9.1.jar:2.0.3]
    at scala.collection.immutable.Map$Map3.foreach(Map.scala:163) ~[scala-library.jar:0.11.3]

The exception inside the onAccessFailure method was thrown because i was setting an header with a null value

context.response().setHeader("Access-Control-Allow-Origin", Play.application().configuration().getString("access-control-allow-origin"));

I think i should get a response anyway.

NOTES:
I'm already using the Http.Context.current.set(context); workaround.
I'm using play 2.0.3, deadbolt 1.1.2

Hi, I'm currently using this version: "be.objectify" %% "deadbolt-java" % "2.1-RC2" in a play 2.1 app, I'm having issues using both @dynamic(deferred=true) at method-level with @SubjectPresent at controller level.

I modified the sample project in github to test this:

@SubjectPresent   
@DeferredDeadbolt
public class DeferredController extends Controller
....
@Dynamic(value="pureLuck2", deferred=true)
public static Result deferredDynamic()
{
    return ok(accessOk.render());
}

then in the MyDynamicResourceHandler I added:

HANDLERS.put("pureLuck2",
new AbstractDynamicResourceHandler()
            {
                public boolean isAllowed(String name, 
                                         String meta, 
                                         DeadboltHandler deadboltHandler,
                                         Http.Context context)
                {
                    return System.currentTimeMillis() % 2 == 0/0;
                }
            });

notice the division by zero, this is to test if the handler is being executed(it should crash every time).
Whether I put @SubjectPresent or @SubjectNotPresent at the top of the controller I still get an error page in the little iframe corresponding to this test. What I understand from this is that the Dynamic handler is being executed always first, when it shouldn't be executed at all.

Thanks

Hello there,

I am currently using play 2.1 with deadbolt-2 to perform basic authorization. However, when trying to implement OR, AND role's combination, I couldn't implement them even following https://github.com/schaloner/deadbolt-2-guide/blob/master/06-deadbolt-java-controllers.markdown documentation.
Neither could import the Restriction class/interface to be used in a project, or find its source code in de java or core github's repo https://github.com/schaloner/deadbolt-2.

Just a quick question:

I just started restricting access to all my controllers. I'd like to have the @RoleHolderNotPresent annotation on my login action, but the annotation is simply not found (see: http://i50.tinypic.com/2iv0m7m.png).
Is this a known issue, or did I configure anythin wrong? I'm using version 1.1.2

Thanks,
Alex

Hi,

In Play 2.3.x, SimpleResult type has been renamed to Result. They have added "an alias type" SimpleResult "for smoother migration", but this doesn't seem to help in Deadbolt-related actions. The particular problem is that AbstractDeadBoltAction.onAuthFailure has return type Promise. This probably just has to be changed to play.mvc.Result and this would probably solve the issue. I guess that all occurrences of SimpleResult throughout the code-base should just be changed to Result and problem solved.. hopefully : )

Also see http://www.playframework.com/documentation/2.3.x/Migration23 .

Thanks!

Hi,

the example Build.scala in README.textile contains a wrong (outdated?) dependency for deadbolt-2:

object ApplicationBuild extends Build {

        val appName         = "deadbolt-usage"
        val appVersion      = "1.1.2"

        val appDependencies = Seq(
          "deadbolt-2" %% "deadbolt-2" % "1.1.2"
        )

        val main = PlayProject(appName, appVersion, appDependencies, mainLang = JAVA).settings(
          resolvers += Resolver.url("Objectify Play Repository", url("http://schaloner.github.com/releases/"))(Resolver.ivyStylePatterns)
        )
}

It should be (as is mentioned just two lines above):

  "be.objectify" %% "deadbolt-2" % "1.1.2"

This cost me just way too much time to figure out why the dependency was not working ;)

Hi,
Could you recompile deadbolt for play-2.3.1.

Thanks

SBT is unable to retrieve deadbolt with the following error:

[error] SERVER ERROR: Backend is unhealthy url=http://schaloner.github.com/releases/be.objectify/deadbolt-java_2.10/2.1/ivys/ivy.xml
[error] SERVER ERROR: Connection timed out url=http://schaloner.github.com/snapshots/be.objectify/deadbolt-java_2.10/2.1/ivys/ivy.xml
[error] SERVER ERROR: Backend is unhealthy url=http://joscha.github.com/play-authenticate/repo/releases/be.objectify/deadbolt-java_2.10/2.1/ivys/ivy.xml
[warn]  module not found: be.objectify#deadbolt-java_2.10;2.1

See here http://fpaste.org/12667/ for full stack trace

It worked before, but now there seems to be something wrong...is this a problem with github?

My Build.scala file contains the following:

    "be.objectify"  %% "deadbolt-java"      % "2.1-RC2",

      resolvers += Resolver.url("Objectify Play Repository", url("http://schaloner.github.com/releases/"))(Resolver.ivyStylePatterns),
      resolvers += Resolver.url("Objectify Play Snapshot Repository", url("http://schaloner.github.com/snapshots/"))(Resolver.ivyStylePatterns),

The README implies that one would be able to resolve the deadbolt-2 from http://schaloner.github.com/releases/. Is that true or just an example? In any case, the URL returns 404.

Also, I'm interested in helping where I can on this project, so I'll likely start with some documentation contributions once I get more comfortable with the module.

In view restrictions @restrict(la(as("foo"))) is allowing access for role with "foo".
If a NOT is added to
@if(be.objectify.deadbolt.Deadbolt.viewDynamic(name, meta)) {
@Body
}
in dynamic.scala.html may solve this. Further check is required.

Also there is documentation errors for @roleHolderPresent() and @roleHolderNotPresent(). It should be @roleHolderPresent and @roleHolderNotPresent.

Thanks for the good work.

I am using Play! Framework 2.0.4

I have this in Build.scala:

    val appDependencies = Seq(
        "be.objectify" %% "deadbolt-java" % "2.0-SNAPSHOT"
    )
    val main = PlayProject(appName, appVersion, appDependencies, mainLang = JAVA).settings(
      resolvers += Resolver.url("Objectify Play Repository", url("http://schaloner.github.com/releases/"))(Resolver.ivyStylePatterns),
      resolvers += Resolver.url("Objectify Play Snapshot Repository", url("http://schaloner.github.com/snapshots/"))(Resolver.ivyStylePatterns)
    )  

And when I try running the project I get this:

[info] Updating {file:/Users/bp/play2/club/}club...
[warn]  module not found: be.objectify#deadbolt-java_2.9.1;2.0-SNAPSHOT                
[warn] ==== local: tried
[warn]   /opt/local/play/play-2.0.4/framework/../repository/local/be.objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/ivys/ivy.xml
[warn] ==== Typesafe Releases Repository: tried
[warn]   http://repo.typesafe.com/typesafe/releases/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn] ==== Typesafe Snapshots Repository: tried
[warn]   http://repo.typesafe.com/typesafe/snapshots/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn] ==== Typesafe Releases: tried
[warn]   http://repo.typesafe.com/typesafe/releases/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn] ==== Objectify Play Repository: tried
[warn]   http://schaloner.github.com/releases/be.objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/ivys/ivy.xml
[warn] ==== Objectify Play Snapshot Repository: tried
[warn]   http://schaloner.github.com/snapshots/be.objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/ivys/ivy.xml
[warn] ==== public: tried
[warn]   http://repo1.maven.org/maven2/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn]  ::::::::::::::::::::::::::::::::::::::::::::::                       
[warn]  ::          UNRESOLVED DEPENDENCIES         ::
[warn]  ::::::::::::::::::::::::::::::::::::::::::::::
[warn]  :: be.objectify#deadbolt-java_2.9.1;2.0-SNAPSHOT: not found
[warn]  ::::::::::::::::::::::::::::::::::::::::::::::
[error] {file:/Users/bp/play2/club/}club/*:update: sbt.ResolveException: unresolved dependency: be.objectify#deadbolt-java_2.9.1;2.0-SNAPSHOT: not found
[warn] some of the dependencies were not recompiled properly, so classloader is not avaialable
[info] Updating {file:/Users/bp/play2/club/}club...
[warn]  module not found: be.objectify#deadbolt-java_2.9.1;2.0-SNAPSHOT                
[warn] ==== local: tried
[warn]   /opt/local/play/play-2.0.4/framework/../repository/local/be.objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/ivys/ivy.xml
[warn] ==== Typesafe Releases Repository: tried
[warn]   http://repo.typesafe.com/typesafe/releases/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn] ==== Typesafe Snapshots Repository: tried
[warn]   http://repo.typesafe.com/typesafe/snapshots/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn] ==== Typesafe Releases: tried
[warn]   http://repo.typesafe.com/typesafe/releases/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn] ==== Objectify Play Repository: tried
[warn]   http://schaloner.github.com/releases/be.objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/ivys/ivy.xml
[warn] ==== Objectify Play Snapshot Repository: tried
[warn]   http://schaloner.github.com/snapshots/be.objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/ivys/ivy.xml
[warn] ==== public: tried
[warn]   http://repo1.maven.org/maven2/be/objectify/deadbolt-java_2.9.1/2.0-SNAPSHOT/deadbolt-java_2.9.1-2.0-SNAPSHOT.pom
[warn]  ::::::::::::::::::::::::::::::::::::::::::::::                       
[warn]  ::          UNRESOLVED DEPENDENCIES         ::
[warn]  ::::::::::::::::::::::::::::::::::::::::::::::
[warn]  :: be.objectify#deadbolt-java_2.9.1;2.0-SNAPSHOT: not found
[warn]  ::::::::::::::::::::::::::::::::::::::::::::::
[error] {file:/Users/bp/play2/club/}club/*:update: sbt.ResolveException: unresolved dependency: be.objectify#deadbolt-java_2.9.1;2.0-SNAPSHOT: not found

What gives? Are the repositories not available? Or am I missing something?

I see that 2.3.0-RC1 is only available for scala 2.11
since play 2.3 is available both on 2.10 and 2.11 it would be better to also release 2.10 artifacts

If I add the line in the file play/plugins (this is the only line in the file) :

1000:be.objectify.deadbolt.java.DeadboltPlugin

I get the following error message :

[error] application - 

! Internal server error, for (GET) [/app/Invoice/list] ->
scala.MatchError: be.objectify.deadbolt.java.DeadboltPlugin (of class java.lang.String)
    at play.api.WithDefaultPlugins$$anonfun$pluginClasses$1$$anonfun$apply$8.apply(Application.scala:100) ~[play_2.11-2.3.2.jar:2.3.2]
    at play.api.WithDefaultPlugins$$anonfun$pluginClasses$1$$anonfun$apply$8.apply(Application.scala:100) ~[play_2.11-2.3.2.jar:2.3.2]
    at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:245) ~[scala-library-2.11.1.jar:na]
    at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:245) ~[scala-library-2.11.1.jar:na]
    at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33) ~[scala-library-2.11.1.jar:na]

If I remove this line, all of my program, which use few classes of DeadBolt, work fine.
Can you help me solve this problem ?

I want to user @dynamic and @subject at the same action，and take effect at the same time.
eg.: If I do not login or MyAlternativeDeadboltHandler return false, access failed.

actually,if i login, i can access this action，do not call MyAlternativeDeadboltHandler.

@SubjectPresent(handler=MyAlternativeDeadboltHandler.class)
@dynamic(handler=MyAlternativeDeadboltHandler.class,value="")
public static Result pureLuck()
{
return ok(accessOk.render());
}

Hi, i am using "be.objectify" %% "deadbolt-java" % "2.1-RC2".

I tried:

@Dynamic("dyn1")
@DeadboltDeferred
public class Application extends Controller {
     @Dynamic("dyn2", deferred=true)
     public static Result index(){....}
}

only "dyn2" seems to be executed in this case. What I would expect it be is an AND relationship in the execution order of "dyn1" and "dyn2"

is there a work around to make it work? Thanks

In scala play20 application deadbolt2 dont work because annotations for scala api.
Ticket in play20 bugtracker https://play.lighthouseapp.com/projects/82401/tickets/300-after-creation-of-new-application-annotations-does-not-works

May be I do something wrong, but I cant use deadbolt2 in scala controllers. Samples does not works for me - no errors, and no effect from Restrict annotations. In Java controllers all works fine.

Where I must search my error? My ideas are over.

Is the latest version of deadbolt compatible with Play 2.2.0?

Thanks

I've run into a problem with an app I am building on Play 2.2.2 (using Deadbolt 2 version 2.2.1-RC2). I am using JPA with the Play @transactional annotation, which works fine, but as soon as I add the Deadbolt 2 @restricted annotation, JPA stops working completely, and fails on every call with an error saying that there is EntityManager bound to the thread.

Any ideas how to work around this?

Thanks.

[error] application - Access to [/login] requires a RoleHolder, but no RoleHolder is present.

@RoleHolderNotPresent
public static Result login() {
return ok(login.render(form(Login.class)));
}

Downloading software over http is a security risk. See http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/