How can I write a "user can only access own profile page" type of security check in Play Framework?

Posted by karianneberg on Stack Overflow See other posts from Stack Overflow or by karianneberg
Published on 2012-05-31T14:49:42Z Indexed on 2012/05/31 16:40 UTC
Read the original article Hit count: 245

Filed under:

security

|

playframework

|

playframework-1.x

I have a Play framework application that has a model like this: A Company has one and only one User associated with it.

I have URLs like http://www.example.com/companies/1234, http://www.example.com/companies/1234/departments, http://www.example.com/companies/1234/departments/employees and so on. The numbers are the company id's, not the user id's.

I want that normal users (not admins) should only be able to access their own profile pages, not other people's profile pages. So a user associated with the company with id 1234 should not be able to access the URL http://www.example.com/companies/6789

I tried to accomplish this by overriding Secure.check() and comparing the request parameter "id" to the ID of the company associated with the logged in user. However, this obviously fails if the parameter is called anything else than "id".

Does anyone know how this could be accomplished?

© Stack Overflow or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about playframework

Java PlayFramework & Python Django GAE

as seen on Programmers - Search for 'Programmers'
I already know Java, C# and C++. Now I want to start with web development and I saw that some really big sites are built with Python/C++. I like the coding style of Python, it looks really clean, but some other things like no errors before runtime is really strange. However, I don't know what I should… >>> More
playframework auto-test Jenkins CI wait for completion?

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to set up Jenkins CI for a playframework.org application but am having trouble properly launching play after the auto-test command is run. The tests all run fine, but it seems as though my script is launching both play auto-test and play start --%ci at the same time. When the play start… >>> More
How to download images in playframework jobs?

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a playframework Job class like this: public class ImageDownloader extends Job { private String[] urls; private String dir; public ImageDownloader(){} public ImageDownloader(String[] urls,String dir){ this.urls = urls; this.dir = dir; } @Override public void doJob() throws Exception… >>> More
Playframework and Django

as seen on Stack Overflow - Search for 'Stack Overflow'
I have worked with Django before and have recently seen the Play framework. Is this the Java community's answer to Django? Any experiences with it? Any performance comparisons with other Java web frameworks? Edit:Almost similar to http://stackoverflow.com/questions/1597086/any-experience-with-play-java-web-development-framework… >>> More
PlayFramework with Scala and Morphia

as seen on Stack Overflow - Search for 'Stack Overflow'
I keep getting this exception: Oops: CannotCompileException An unexpected error occured caused by exception CannotCompileException: [source error] ds() not found in models.dc What is wrong with my code? Here is models.ds package models import com.google.code.morphia.annotations._ @Embedded class… >>> More