I’m building a Lagom app which will expose JSON endpoints and also have a Play web UI. The Play UI might be built using Bootstrap.
I need a library to which I can delegate Authentication and Authorisation, both from the Web UI and at the exposed Endpoints. I have little to no knowledge of this area.
My intention is that the logged-in Principal will carry a set of Roles, and that the Web App will be able to restrict access to certain functions based on Role membership. Access to JSON Endpoints should be certificate-based (unless someone has alternative suggestions).
My hope is that I will have to write very little code in this area.
In Production, and SIT, the credentials are actually held in Microsoft Active Directory. But in DEV and UAT I would hope to provide a simple text file with a handful of pre-defined usernames with easily remembered passwords and specific role assignments. Perhaps that means the Authenticator is different?
The web app will NOT expose self-registration or password reset capabilities - users are internal.
Anyway, I’m hoping someone can tell me that Silhouette either is or is not suitable, and whether for the Play/Bootstrap side only or also for the REST side.
Many thanks, Robin.