Request types in silhouette API


#1

I see there are three types of action requests in silhouette. they are

  • SecuredAction
  • UnsecuredAction
  • UserAwareAction

I assume SecuredAction requests works only when the user is already authenicated. Why do we have UnsecuredAction request action type?. cant we use normal actions of play instead of UnsecuredAction?. and what about UserAwareAction where should I exactly use it and whats its use case?. overall how does each different actions work


#2

Hi,

The documentation says:

Silhouette provides a replacement for Play’s built in Action class named SecuredAction which is based on the SecuredRequestHandler.

The opposite of the SecuredAction is the UnsecuredAction which is based on the UnsecuredRequestHandler.

There is also a UserAwareAction which is based on the UserAwareRequestHandler

The definition for the request handlers can be found here:

  • There exists a SecuredRequestHandler which intercepts requests and checks if there is an authenticated user. If there is one, the execution continues and the enclosed code is invoked.

  • The UnsecuredRequestHandler does the opposite of the SecuredRequestHandler. It intercepts requests and checks if there is a not-authenticated user. If there is one, the execution continues and the enclosed code is invoked.

  • There is also a UserAwareRequestHandler that can be used for endpoints that need to know if there is a current user but can be executed even if there isn’t one.

Maybe you can give some advice how we could improve the documentation, so that it’s more clear.

Thanks,
Christian


#3

Thanks akkie!!.. I missed this in the documentation and all makes sense now…


#4

I do understand what the UnsecuredRequestHandler does, but I’m wondering what the use case would be.


#5

As example: A login page should not be accessed from a logged-in user. Same as with registration pages.


#6

That’s true.
I’m only starting out with silhouette so I’m still figuring it all out out.