Basic Authentication Filter for Play Framework

I've been using Play framework for a few months and I am really starting to like it. For all its great features and simplicity, it still lacks some of the advanced features. Recently I was facing a problem of enabling basic auth -- some framework have this as a simple conf setting. After digging around on the internet, not much out there, I found some incomplete examples that I was able to pull together. The solution I came up with uses Filters. One of the requirements was that we needed a ping page outside the basic auth realm. Moreover, this is will be used behind a load balancer. A few points about the code:

  • The x-forwarded-for header needs to be checked to make sure we get the correct IP. If we are using this behind ELB (Elastic Load Balancer) the head will tell us the origin IP address.

  • BASE64Decoder is not thread safe (this actually stumped me).

  • Passwords can have ":" in them but usernames can not.