Playful Web Development, Part 1: Managing User Authentication with Play Framework and Scala

Playful web development, Part 1: Manage user authentication with the Play Framework and Scala

Implementing a starter authentication UI with Play, Silhouette, and MongoDB

Implement user management for your Play Framework applications and put your Scala skills to work. Pablo Pedemonte takes you through building a basic Play application that handles authentication and authorization. You can even use the application code as a starter for your own Play projects to shorten user‑management development time.

Implementing authentication in modern web applications can entail a significant amount of work. You need to enable users to authenticate via multiple mechanisms (credentials; social providers using OAuth1, OAuth2, or OpenID). User registration and password reset usually require email‑based flows. And requests and views both must be aware of the identity (if any) of the logged‑in user.

This tutorial presents a starter authentication application built with the Play Framework. Play is a member of a new generation of reactive web frameworks, such as Node.js and Vert.x, that are designed with scalability in mind. Play also brings development‑friendly features such as native XML and JSON handling, in‑browser error reporting in development mode, built‑in test helpers, and Selenium integration. You can write Play applications in Java™ or Scala, but Scala is preferable. Functional languages are best suited to a reactive programming style. Although Java has finally embraced functional programming concepts in version 8, it lags behind Scala's extensive provision of functional features.

My starter application shows Scala and Play in action by implementing:

Play for scalability

By using asynchronous I/O, Play enforces a programming model in which application code reacts to events triggered when I/O has finished. In the meantime, threads running application code don't block and can process other requests. This design results in efficient use of processor cores: Play can handle heavy traffic with a handful of threads. And Play doesn't store any server‑side session state, which favours horizontal scalability by putting session affinity out of the way: Any server in a cluster can pick up a request.

Email-based user sign‑up

Credentials (email and password), and Twitter authentication via OAuth1

Email-based password reset

Credentials and Twitter account linking

Examples of user‑aware views, HTTP requests, and Ajax calls

The application uses Silhouette for the authentication work, and MongoDB for user persistence. All request processing and the interactions with MongoDB are completely asynchronous. You can use this application as a seed for your own projects to spare yourself the effort of implementing authentication from scratch.

I assume that you have basic familiarity with the Scala language. (If you have a Java background and need an introduction to Scala, I suggest reading the developerWorks The busy Java developer's guide to Scala series.) I also assume at least minimal experience with Play; basic knowledge about controllers, routes, and views is enough. For an introduction to Play, see the Getting Started section of the Play documentation. (The code in this tutorial uses the Play Framework version 2.4.2, so read the documentation for that version.) And be sure to check out Part 2 in this series, where I show you how to deploy Play applications on IBM Bluemix™.