Authentication using Unfiltered for Scala

Since it took me a while to figure this out (though it seems very obvious now), here’s how I do HTTP authentication in Unfiltered while preserving the authenticated user for later access.

class User(val name: String)

object User {
    def verify(name: String, password: String): Option[User] =
        if (
          name == "user" &&
          password == "pwd"
        ) {
          Some(new User(name))
        } else {
          None
        }
}

class AuthPlan extends Plan {
    val AuthFail =
        Unauthorized ~> WWWAuthenticate("""Basic realm="/"""")

    def intent = {
        case GET(Path("/na")) =>
            ResponseString("No Authentication needed")

        case req @ BasicAuth(u, p) =>
            User.verify(u, p) match {
                case Some(user) => req match {
                    case GET(Path("/a")) =>
                        ResponseString("Hello " + user.name)

                    case GET(...) =>
                        // Your other filters
                    case _ =>
                        NotFound
                }
                case None => AuthFail
            }

        case _ =>
            AuthFail
    }
}

Published: July 11 2011