@(subject: be.objectify.deadbolt.core.models.Subject)

Deadbolt 2 Java examples

Deadbolt 2 Java

This is a collection of examples using Deadbolt 2 at both the controller and template level to implement authorisation in a Play 2 application.

Configuration

For the purposes of these examples, except where stated otherwise, the user has the following roles:

    @for(role <- subject.getRoles()) {
      • @role.getName
    }

The user also has the following permissions:

    @for(permission <- subject.getPermissions()) {
      • @permission.getValue
    }

Controller authorisation

Protecting your controllers against unauthorised use is a key element of good application security. Here, you'll find examples of each of the controller-level authorisations provided by Deadbolt 2.

For each example, the action is shown on the left, and the result is loaded into an iframe on the right.

@examples.controllers.SubjectPresent()
@examples.controllers.SubjectNotPresent()
@examples.controllers.Restrict()
@examples.controllers.Dynamic()
@examples.controllers.Pattern()
@examples.controllers.Unrestricted()

Template authorisation

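Deadbolt tags do not offer any real protection against misuse on your server side, but they do allow you to customise your UI according to the privileges of the current user. Server-side enforcement belongs to the controller-level authorisations described under "Controller authorisation".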

Each tag has an "Or" variant, e.g. restrictOr, that allows you to pass in an alternative body for when authorisation fails.

For each example, the unprotected content is on the left, the Deadbolt tag is in the center and the result of the authorisation is on the right.

@examples.templates.SubjectPresent()
@examples.templates.SubjectNotPresent()
@examples.templates.Restrict()
@examples.templates.Dynamic()
@examples.templates.Pattern()