Play Framework controller with secure and non-secure methods. Possible?

I try to make a website with play with a m开发者_开发知识库ember and a non member area. So i have controllers with member and non-member methods. But i can only make the whole controller secure [@With(Secure.class)]. Is it possibly to make only a few methods secure and access the others without a login?

Thanks

Yes, you can, although it will require some tweaking on the Secure class. If you check @Secure it has a method annotated with @Before. As per documentation you can indicate which methods the @Before is applied to and for which ones it is skipped.

@Before(unless="login")

So it would be a matter of not running @Before on the public methods. Be aware it may not work properly using @With and you may need to create your own @Before in the controller that manages the security (calling the proper methods in secure).

But it would be simpler to just have 2 controllers, one for secure users and one for public methods.

You can use the deadbolt module which is quite powerful: http://www.playframework.org/modules/deadbolt

Yes, you can to this. Remove @With annotation and use this method of Secure controller when you want restrict access to connected user :

Secure.checkAccess();

With this method, you can even use @Check annotation. Example :

    @Check("member")
    public static void restrictedAction() {
        Secure.checkAccess();
        ...
    }

No, there is no simple way to do this. You can check roles, but not connected user, visitor.

You would have to add @Before annotations and that is going to be a little complicated. Simply break up your controller into several controllers. It is by the way, functionnaly better to do it that way, rather than mix up public/private methods.