ianrae edited this page Jan 12, 2014 · 5 revisions

Authentication is identifying who the user is. Authentication is used to limit which parts of the application a user may access. Mettle provides a mechanism for integrating Secure-Social or other Play authentication add-ons.

The Command class has a member

public AuthUser authUser;

A null value indicates the user is not logged in. A non-null value indicates an authenticated user, and the following information is available in authUser:

String getUsername(); //user's name (for display purposes)
String getUserId(); //primary key of the user record (if using a db for authentication)
String getSessionId(); //a unique value indicating the current login session for this user
Object getSubject(); //for authorization (not yet implemented)

The controller's boundary object typically does the following. First, it gets the session id from the Play session. The session id is used to find the user and create an AuthUser object. The AuthUser object is stored in the command so it is available to the presenter.

The Presenter provides two methods

boolean isLoggedIn(Command cmd);
void ensureLoggedIn(Command cmd);

The first method returns a boolean, so your presenter can support both logged-in and non-logged-in users. The second method throws a NotLoggedInException if the user is not logged in. This is caught by the base Presenter and converted into a Reply destination of Reply.FORWARD_NOT_AUTHENTICATED. Usually your controller will respond to this destination by redirecting to an error page.
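The flow described above, from the boundary's session id lookup to the presenter's ensureLoggedIn, as an added example that is not Mettle's own code. Every class here is a minimal stand-in, and the LOGINS store, the "sessionId" key and the Destination enum are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: every type here is a minimal stand-in, not Mettle's own class.
public class AuthFlowSketch {
    record AuthUser(String username, String userId, String sessionId) {}
    static class Command { AuthUser authUser; }               // null means not logged in
    static class NotLoggedInException extends RuntimeException {}
    enum Destination { VIEW, FORWARD_NOT_AUTHENTICATED }

    // Hypothetical server-side store: session id -> user for that login session.
    static final Map<String, AuthUser> LOGINS = new ConcurrentHashMap<>();

    // Boundary step: resolve the session id taken from the client-held Play session.
    // A missing, unknown or logged-out id leaves authUser null, so access fails closed.
    static Command buildCommand(Map<String, String> playSession) {
        Command cmd = new Command();
        String sid = playSession.get("sessionId");             // key name is an assumption
        cmd.authUser = (sid == null) ? null : LOGINS.get(sid);
        return cmd;
    }

    static boolean isLoggedIn(Command cmd) { return cmd.authUser != null; }

    static void ensureLoggedIn(Command cmd) {
        if (!isLoggedIn(cmd)) throw new NotLoggedInException();
    }

    // Stand-in for the base Presenter: converts the exception into a destination.
    static Destination process(Command cmd) {
        try {
            ensureLoggedIn(cmd);
            return Destination.VIEW;
        } catch (NotLoggedInException e) {
            return Destination.FORWARD_NOT_AUTHENTICATED;
        }
    }

    public static void main(String[] args) {
        LOGINS.put("s-1001", new AuthUser("alice", "42", "s-1001")); // constructed sample data
        System.out.println(process(buildCommand(Map.of("sessionId", "s-1001"))));
        System.out.println(process(buildCommand(Map.of("sessionId", "s-9999")))); // unknown id
        System.out.println(process(buildCommand(Map.of())));                      // no session
        LOGINS.remove("s-1001");                                                  // logout
        System.out.println(process(buildCommand(Map.of("sessionId", "s-1001"))));
    }
}
```

Because the user is looked up server-side on every request, removing the entry at logout invalidates a session id that a client still presents.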
