Migration guide - pac4j/play-pac4j GitHub Wiki

-> 12.x

Version 6.x of pac4j and JDK 17 are now required.

Deadbolt is no longer supported.

The Play SessionStore is no longer binded with Guice, but defined via the config.setSessionStoreFactory method.

-> 11.0.0-x

Version 5.x of pac4j is now required. JDK 11 is required too.

The multiProfile and saveInSession options are now removed from the controllers and handled at the Client level.

The custom PlaySessionStore has been replaced by the regular SessionStore.

The PlayCookieSessionStore storage design has been refactored to reduce the size taken in the Play session.

9.x -> 10.x

Play 2.8 is now used instead of Play 2.7.

-> 9.x

Version 4.x of pac4j is now required.

You no longer need to define a Play HttpActionAdapter at the config level as the PlayHttpActionAdapter.INSTANCE is used by default (except for Deadbolt). You may also set specific Results via the PlayHttpActionAdapter.

The specific keywords: _anonymous_ and _authenticated_ have been removed from the SecurityFilter. The regular pac4j capabilities must be used.

The callback and logout controllers definition in the routes file must now include the request:

GET         /callback                         @org.pac4j.play.CallbackController.callback()
POST        /callback                         @org.pac4j.play.CallbackController.callback()
GET         /logout                           @org.pac4j.play.LogoutController.logout()

becomes

GET         /callback                         @org.pac4j.play.CallbackController.callback(request: Request)
POST        /callback                         @org.pac4j.play.CallbackController.callback(request: Request)
GET         /logout                           @org.pac4j.play.LogoutController.logout(request: Request)

-> 7.x

The DefaultHttpActionAdapter is deprecated and should be replaced by the PlayHttpActionAdapter which is the same component except the name.

4.x -> 5.x

The play-pac4j library has been renamed as play-pac4j_2.11 when built with Scala 2.11 and as play-pac4j_2.12 when built with Scala 2.12.

Scala trait Security was revamped to be more consistent with actions and action builders in Play 2.6.

  • removed function List[P]=>Action[AnyContent] and replaced by AuthenticatedRequest encapsulating the request and the list of profiles
  • introduced support of any content type not only AnyContent
  • Secure method no longer returns an Action, it returns instance of ActionBuilder instead. That enables use of a standard simple action as well as use of any parser or even produce an asynchronous result.
  • introduced SecurityComponents extending ControllerComponents to ease injection of dependencies
  • for backward compatibility, introduced a method profiles accepting implicit AuthenticatedRequest and returning List[P]

3.0.0 -> 4.0.0 (Play 2.6)

The Security trait extends the BaseController and thus, the controllerComponents must be injected. The HttpExecutionContext no longer needs to be injected into the Security trait.

2.5.x / 2.6.x -> 3.0.0

The ApplicationLogoutController has been renamed as LogoutController and the PlayCacheStore as PlayCacheSessionStore.

2.4.0 (Play 2.5) -> 2.5.0 (Play 2.5)

The SecurityModule class needs to bind the PlaySessionStore to the PlayCacheStore.

The PlayWebContext needs a PlaySessionStore, see examples at heading 5 (Get the user profile (ProfileManager)).

2.1.0 (Play 2.4) / 2.2.0 (Play 2.5) -> 2.3.0 (Play 2.4) / 2.4.0 (Play 2.5)

The RequiresAuthentication annotation and function have been renamed as Secure with the clients and authorizers parameters (instead of clientName and authorizerName).

The UserProfileController class and the getUserProfile method in the Security trait no longer exist and the ProfileManager must be used instead.

The ApplicationLogoutController behaviour has slightly changed: even without any url request parameter, the user will be redirected to the defaultUrl if it has been defined

2.0.1 -> 2.1.0

The separate Scala and Java projects have been merged. You need to change the dependency play-pac4j-java or play-pac4j-scala to simply play-pac4j.

The getUserProfile method of the Security trait returns a Option[CommonProfile] instead of just a UserProfile.

2.0.0 -> 2.0.1

The DataStore concept is replaced by the pac4j SessionStore concept. The PlayCacheStore does no longer need to be bound in the security module. A new session store could be defined using the config.setSessionStore method.

The DefaultHttpActionAdapter does not need to be bound in the security module, but must to be set using the config.setHttpActionAdapter method.