Play provides a simple filter API for applying global filters to each request. Such a filter is basically the same as an action. It produces a request and returns a result. So it's possible to use the actions provided by Silhouette inside a filter to create a global authentication mechanism.

Next, you can find a simple example which shows how you could implement a filter to restrict access to a route.

class SecuredFilter @Inject() (silhouette: Silhouette[DefaultEnv], bodyParsers: PlayBodyParsers) extends Filter {

  override def apply(next: RequestHeader => Future[Result])(
    request: RequestHeader): Future[Result] = {
    
    // As the body of request can't be parsed twice in Play we should force 
    // to parse empty body for UserAwareAction
    val action = silhouette.UserAwareAction.async(bodyParsers.empty) { r =>
      request.path match {
        case "/admin" if r.identity.isEmpty => Future.successful(Unauthorized)
        case _ => next(request)
      }
    }

    action(request).run
  }
}

🚧

Info

Please refer to the Play Framework Documentation for how filters can be applied to your application.


What’s Next